Adobe Deploys Critical Patch Addressing 254 Vulnerabilities to Mitigate High-Severity Security Risks
Adobe has released security updates addressing a total of 254 vulnerabilities across its software portfolio, the large majority of them in Adobe Experience Manager (AEM). Of these, 225 vulnerabilities affect AEM, including AEM Cloud Service (CS) and all on-premise versions up to and including 6.5.22. They are fixed in AEM Cloud Service Release 2025.5 and in AEM 6.5.23.

According to Adobe's advisory, successful exploitation of these vulnerabilities could lead to arbitrary code execution, privilege escalation, and security feature bypass. Almost all of the 225 AEM vulnerabilities are cross-site scripting (XSS) flaws, a mix of stored and DOM-based XSS, which Adobe says could be leveraged to achieve arbitrary code execution.

The discovery and reporting of these XSS vulnerabilities are credited to security researchers Jim Green (green-jam), Akshay Sharma (anonymous_blackzero), and lpi. Among the critical flaws addressed outside AEM is a code execution vulnerability in Adobe Commerce and Magento Open Source.

One of the most severe vulnerabilities patched this month is a reflected XSS flaw tracked as CVE-2025-47110 (CVSS score: 9.1), which could result in arbitrary code execution. Adobe has also addressed an improper authorization flaw (CVE-2025-43585, CVSS score: 8.2) that could allow an attacker to bypass security features.

The following versions of the software are affected:

– Adobe Commerce (2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier, and 2.4.4-p13 and earlier)
– Adobe Commerce B2B (1.5.2 and earlier, 1.4.2-p5 and earlier, 1.3.5-p10 and earlier, 1.3.4-p12 and earlier, and 1.3.3-p13 and earlier)
– Magento Open Source (2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier)

The remaining updates address four code execution flaws in Adobe InCopy (CVE-2025-30327 and CVE-2025-47107, both CVSS score 7.8) and Substance 3D Sampler (CVE-2025-43581 and CVE-2025-43588, both CVSS score 7.8).

Although none of these vulnerabilities are reported as publicly known or exploited in the wild, users are strongly advised to upgrade to the latest versions to protect against potential exploitation.