Adobe has recently rolled out a new security update that addresses 30 vulnerabilities present in various products. This update includes critical bugs in ColdFusion versions 2025, 2023, and 2021 that have the potential to cause arbitrary file read and code execution. The security update encompasses patches for issues that could lead to code execution, arbitrary access to the file system, memory leaks, and other security risks.
The extensive Adobe security update covers multiple products such as ColdFusion, After Effects, Media Encoder, Premiere Pro, Photoshop, Animate, FrameMaker, Experience Manager (AEM), Adobe Commerce, Magento Open Source, and Adobe Bridge.
Among the notable highlights of this security update is the critical patch for ColdFusion, a widely used web application development platform by Adobe. Vulnerabilities in ColdFusion versions 2025, 2023, and 2021 have been addressed, including 11 critical vulnerabilities that could result in arbitrary code execution and unauthorized file system access.
Specific issues reported in ColdFusion versions include arbitrary file system read (CVE-2025-24446 and CVE-2025-30281), arbitrary code execution (CVE-2025-24447 and CVE-2025-30282), and security feature bypass (CVE-2025-30288 and CVE-2025-30290), all classified as critical. Adobe strongly recommends users to update to the latest versions to mitigate the risks associated with these vulnerabilities.
In addition to ColdFusion, Adobe has released security updates for After Effects and Media Encoder. After Effects received patches for vulnerabilities in versions 24.6.4 and earlier that could lead to arbitrary code execution. Users are advised to update to After Effects 24.6.5 or After Effects 25.2 to address these issues.
Similarly, vulnerabilities in Adobe Media Encoder that could allow attackers to execute arbitrary code and compromise the host system have been patched. Users of Adobe Media Encoder should update to versions 24.6.5 or 25.2.
Adobe’s security update also covers critical vulnerabilities in Adobe Premiere Pro and Photoshop. Premiere Pro versions 25.1 and earlier, as well as 24.6.4 and earlier, were found to have vulnerabilities leading to arbitrary code execution. It is recommended to update to Premiere Pro 25.2 or Premiere Pro 24.6.5 to mitigate these risks.
For Photoshop versions 2025 and 2024, updates to versions 26.5 and 25.12.2 are advised to address vulnerabilities related to arbitrary code execution. Users are urged to apply these updates promptly to avoid exploitation.
Additionally, Adobe has released security patches for other creative tools such as Adobe Animate, FrameMaker, and XMP Toolkit SDK. Updates for these products should be installed as soon as possible to prevent any potential security threats.
Furthermore, Adobe has addressed security concerns for Adobe Experience Manager (AEM) products, including AEM Forms on JEE and AEM Screens. Vulnerabilities in these tools could lead to security feature bypass or arbitrary code execution. Users are recommended to update to the latest versions to mitigate these security vulnerabilities.
For AEM Forms on JEE and AEM Screens, specific versions have been identified for updates to ensure maximum security. Users should update to the recommended versions to enhance the security of their systems.
In conclusion, the latest Adobe security update aims to close critical vulnerabilities present in various products, ensuring the safety and security of users. It is crucial for users to apply these updates promptly to safeguard their systems from potential threats.