Adobe Patches Nearly 140 Vulnerabilities

Adobe Patches Nearly 140 Vulnerabilities

Posted on By CWS

Adobe on Tuesday introduced the rollout of patches for practically 140 vulnerabilities throughout its merchandise, together with critical-severity bugs in ColdFusion and Expertise Supervisor.

ColdFusion obtained fixes for 12 safety defects, most of which may very well be exploited for arbitrary code execution.

Probably the most extreme of those are CVE-2025-61808, CVE-2025-61809, and CVE-2025-61830 (CVSS rating of 9.1), described as unrestricted harmful file add, improper enter validation, and deserialization of untrusted knowledge, respectively.

Fixes for all 12 bugs had been included in ColdFusion 2025 replace 5, ColdFusion 2023 replace 7, and ColdFusion 2021 replace 23.

This month, Expertise Supervisor (AEM) obtained fixes for 117 vulnerabilities, 116 of that are cross-site scripting (XSS) flaws, together with two critical-severity bugs, tracked as CVE-2025-64537 and CVE-2025-64539 (CVSS rating of 9.3).

The remaining 114 XSS points are medium-severity bugs. The replace additionally resolves a high-severity defect described as dependency on a susceptible third-party element.

AEM Cloud Service launch 2025.12 and AEM variations 6.5 LTS SP1 (GRANITE-61551 Hotfix) and 6.5.24 resolve all safety defects.

Adobe has slapped a precedence score of ‘1’ on each the ColdFusion and AEM updates, urging customers to use the fixes as quickly as attainable.Commercial. Scroll to proceed studying.

On Tuesday, the corporate additionally introduced fixes for 2 high- and two medium-severity safety holes within the DNG SDK, two high- and two low-severity points in Acrobat and Reader, and one medium-severity flaw in Inventive Cloud Desktop for macOS.

Adobe says it isn’t conscious of any of those vulnerabilities being exploited within the wild. Further info may be discovered on the corporate’s safety advisories web page.

Associated: Adobe Patches 29 Vulnerabilities

Associated: Exploitation of Vital Adobe Commerce Flaw Places Many eCommerce Websites at Threat

Associated: Organizations Warned of Exploited Adobe AEM Types Vulnerability

Associated: Adobe Patches Vital Vulnerability in Join Collaboration Suite

Security Week News Tags:, ,

Related Posts

Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People Security Week News
Tennessee Man Pleads Guilty to Repeatedly Hacking Supreme Court’s Filing System Tennessee Man Pleads Guilty to Repeatedly Hacking Supreme Court’s Filing System Security Week News
Chinese Hackers Target Chinese Users With RAT, Rootkit Chinese Hackers Target Chinese Users With RAT, Rootkit Security Week News
Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker Security Week News
In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed Security Week News
Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks Security Week News