Security Advisory

Adobe Product Suite December 2025 Routine Security Update Advisory

  • Dec 11 2025
Adobe Product Suite December 2025 Routine Security Update Advisory

Overview

 

Adobe(https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

Acrobat DC continuous

Acrobat Reader DC continuous

Acrobat 2024 classic 2024

Acrobat 2020 classic 2020

Acrobat Reader 2020 classic 2020

ColdFusion 2025 update 4 and earlier

ColdFusion 2023 update 16 and earlier

ColdFusion 2021 update 22 and earlier

 

Resolved Vulnerabilities

 

Arbitrary code execution vulnerability due to an untrusted search path in Acrobat DC (CVE-2025-64785)

Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Acrobat DC (CVE-2025-64899)

Security feature bypass vulnerability due to improper cryptographic signature verification in Acrobat DC (CVE-2025-64786)

Security feature bypass vulnerability due to improper cryptographic signature verification in Acrobat DC (CVE-2025-64787)

Arbitrary code execution vulnerability due to unrestricted upload of risky types of files in ColdFusion 2025 (CVE-2025-61808)

Security feature bypass vulnerability due to lack of input validation in ColdFusion 2025 (CVE-2025-61809)

Arbitrary code execution vulnerability due to untrusted data deserialization in ColdFusion 2025 (CVE-2025-61830)

Arbitrary code execution vulnerability due to untrusted data deserialization in ColdFusion 2025 (CVE-2025-61810)

Arbitrary code execution vulnerability due to improper access control in ColdFusion 2025 (CVE-2025-61811)

Arbitrary code execution vulnerability due to lack of input validation in ColdFusion 2025 (CVE-2025-61812)

Arbitrary file read vulnerability due to lack of XML entity reference (XXE) restriction in ColdFusion 2025 (CVE-2025-61813)

Arbitrary file read vulnerability due to lack of XML Entity Reference (XXE) restriction in ColdFusion 2025 (CVE-2025-61821)

Arbitrary file write vulnerability due to lack of input validation in ColdFusion 2025 (CVE-2025-61822)

Arbitrary file read vulnerability due to lack of XML entity reference (XXE) restriction in ColdFusion 2025 (ImportantCVE-2025-61823)

Privilege escalation vulnerability due to improper access control in ColdFusion 2025 (CVE-2025-64897)

Privilege escalation vulnerability due to insufficiently protected credentials in ColdFusion 2025 (CVE-2025-64898)

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the December 09, 2025 update

Acrobat DC continuous

Acrobat Reader DC continuous

Acrobat 2024 classic 2024

Acrobat 2020 classic 2020

Acrobat Reader 2020 classic 2020

ColdFusion 2025 update 5

ColdFusion 2023 update 17

ColdFusion 2021 update 23

 

Referenced Sites

 

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB25-119 : Security update available for Adobe Acrobat Reader

https://helpx.adobe.com/security/products/acrobat/apsb25-119.html

APSB25-105 : Security update available for Adobe ColdFusion

https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html

Tags:
Previous Post

Next Post