Adobe Patches Nearly 140 Vulnerabilities

Posted on By CWS

Adobe on Tuesday introduced the rollout of patches for practically 140 vulnerabilities throughout its merchandise, together with critical-severity bugs in ColdFusion and Expertise Supervisor.

ColdFusion obtained fixes for 12 safety defects, most of which may very well be exploited for arbitrary code execution.

Probably the most extreme of those are CVE-2025-61808, CVE-2025-61809, and CVE-2025-61830 (CVSS rating of 9.1), described as unrestricted harmful file add, improper enter validation, and deserialization of untrusted knowledge, respectively.

Fixes for all 12 bugs had been included in ColdFusion 2025 replace 5, ColdFusion 2023 replace 7, and ColdFusion 2021 replace 23.

This month, Expertise Supervisor (AEM) obtained fixes for 117 vulnerabilities, 116 of that are cross-site scripting (XSS) flaws, together with two critical-severity bugs, tracked as CVE-2025-64537 and CVE-2025-64539 (CVSS rating of 9.3).

The remaining 114 XSS points are medium-severity bugs. The replace additionally resolves a high-severity defect described as dependency on a susceptible third-party element.

AEM Cloud Service launch 2025.12 and AEM variations 6.5 LTS SP1 (GRANITE-61551 Hotfix) and 6.5.24 resolve all safety defects.

Adobe has slapped a precedence score of ‘1’ on each the ColdFusion and AEM updates, urging customers to use the fixes as quickly as attainable.Commercial. Scroll to proceed studying.

On Tuesday, the corporate additionally introduced fixes for 2 high- and two medium-severity safety holes within the DNG SDK, two high- and two low-severity points in Acrobat and Reader, and one medium-severity flaw in Inventive Cloud Desktop for macOS.

Adobe says it isn’t conscious of any of those vulnerabilities being exploited within the wild. Further info may be discovered on the corporate’s safety advisories web page.

Associated: Adobe Patches 29 Vulnerabilities

Associated: Exploitation of Vital Adobe Commerce Flaw Places Many eCommerce Websites at Threat

Associated: Organizations Warned of Exploited Adobe AEM Types Vulnerability

Associated: Adobe Patches Vital Vulnerability in Join Collaboration Suite

Security Week News Tags:, ,

Related Posts

GlassWorm Malware Returns to Open VSX, Emerges on GitHub Security Week News
Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report Security Week News
Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild Security Week News
Casie Antalis Named Executive Director of CISA Security Week News
Palo Alto Networks to Acquire CyberArk for $25 Billion Security Week News
FBI Warns of Spoofed IC3 Website Security Week News