Adobe Patches Nearly 140 Vulnerabilities

Posted on By CWS

Adobe on Tuesday introduced the rollout of patches for practically 140 vulnerabilities throughout its merchandise, together with critical-severity bugs in ColdFusion and Expertise Supervisor.

ColdFusion obtained fixes for 12 safety defects, most of which may very well be exploited for arbitrary code execution.

Probably the most extreme of those are CVE-2025-61808, CVE-2025-61809, and CVE-2025-61830 (CVSS rating of 9.1), described as unrestricted harmful file add, improper enter validation, and deserialization of untrusted knowledge, respectively.

Fixes for all 12 bugs had been included in ColdFusion 2025 replace 5, ColdFusion 2023 replace 7, and ColdFusion 2021 replace 23.

This month, Expertise Supervisor (AEM) obtained fixes for 117 vulnerabilities, 116 of that are cross-site scripting (XSS) flaws, together with two critical-severity bugs, tracked as CVE-2025-64537 and CVE-2025-64539 (CVSS rating of 9.3).

The remaining 114 XSS points are medium-severity bugs. The replace additionally resolves a high-severity defect described as dependency on a susceptible third-party element.

AEM Cloud Service launch 2025.12 and AEM variations 6.5 LTS SP1 (GRANITE-61551 Hotfix) and 6.5.24 resolve all safety defects.

Adobe has slapped a precedence score of ‘1’ on each the ColdFusion and AEM updates, urging customers to use the fixes as quickly as attainable.Commercial. Scroll to proceed studying.

On Tuesday, the corporate additionally introduced fixes for 2 high- and two medium-severity safety holes within the DNG SDK, two high- and two low-severity points in Acrobat and Reader, and one medium-severity flaw in Inventive Cloud Desktop for macOS.

Adobe says it isn’t conscious of any of those vulnerabilities being exploited within the wild. Further info may be discovered on the corporate’s safety advisories web page.

Associated: Adobe Patches 29 Vulnerabilities

Associated: Exploitation of Vital Adobe Commerce Flaw Places Many eCommerce Websites at Threat

Associated: Organizations Warned of Exploited Adobe AEM Types Vulnerability

Associated: Adobe Patches Vital Vulnerability in Join Collaboration Suite

Security Week News Tags:, ,

Related Posts

Thirteen Romanians Arrested for Phishing the UK’s Tax Service Security Week News
CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability Security Week News
Year-Old WordPress Plugin Flaws Exploited to Hack Websites Security Week News
Two Scattered Spider Suspects Arrested in UK; One Charged in US Security Week News
Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure Security Week News
Cyata Emerges From Stealth With $8.5 Million in Funding Security Week News