Cyber Web Spider Blog – News

Adobe Patches Critical ColdFusion and Commerce Vulnerabilities


Posted on September 9, 2025 By CWS

Adobe has patched nearly two dozen vulnerabilities across nine of its products with its September 2025 Patch Tuesday updates, including critical flaws in ColdFusion and Commerce.

The critical ColdFusion vulnerability, tracked as CVE-2025-54261 with a CVSS score of 9.0, has been described as a path traversal issue that can lead to an arbitrary file system write. It impacts ColdFusion 2021, 2023, and 2025 on all platforms.

Adobe says it’s not aware of any in-the-wild exploitation of CVE-2025-54261, but assigned the flaw a priority rating of ‘1’, which indicates that it should be addressed as soon as possible (within 72 hours is recommended).

It’s not uncommon for threat actors to exploit ColdFusion vulnerabilities in attacks. The most recent is CVE-2024-20767, patched by Adobe in March 2024 and reported as being exploited in December 2024.

Internet scans show hundreds of thousands of ColdFusion instances exposed to the web and potentially vulnerable to attacks.

The critical vulnerability fixed in Commerce, as well as in Magento Open Source, is CVE-2025-54236, which can be exploited by an unauthenticated attacker to bypass a security feature. Magento vulnerabilities are also often exploited in the wild.

Adobe patched high-severity vulnerabilities in Acrobat Reader, Premiere Pro, Substance 3D Viewer, Experience Manager (AEM), Dreamweaver, and Substance 3D Modeler. These security holes can allow arbitrary code execution and security feature bypasses.

It’s worth noting that these flaws are listed as ‘critical’ in Adobe’s advisories, but they’re ‘high severity’ based on their CVSS score.

Medium- and low-severity issues have been resolved in Acrobat Reader, Experience Manager (AEM), and After Effects. They can lead to a security feature bypass or memory exposure.

The high- and medium-severity flaws have a priority rating of ‘3’, which indicates that Adobe doesn’t expect them to be exploited in attacks.

Related: Adobe Patches ColdFusion Flaw at High Risk of Exploitation

Related: Adobe Patches Over 60 Vulnerabilities Across 13 Products

Related: Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC
