Adobe has released a new security update addressing 30 vulnerabilities across various products, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. This Adobe security update includes patches for critical issues that could lead to code execution, arbitrary file system access, memory leaks, and other security risks.
The Adobe security update includes patches and fixes for ColdFusion, After Effects, Media Encoder, Premiere Pro, Photoshop, Animate, FrameMaker, Experience Manager (AEM), Adobe Commerce, Magento Open Source, and Adobe Bridge.
Details of the Adobe Security Update
ColdFusion Security Update: A Critical Patch for Multiple Versions
Among the most prominent fixes in the latest Adobe security update is the patch for ColdFusion, the company’s web application development platform. ColdFusion is widely used to build dynamic websites and applications, and vulnerabilities in this platform can be a risk for developers and organizations relying on it. Adobe’s security update addresses multiple security flaws, including 11 critical vulnerabilities that could lead to arbitrary code execution and unauthorized access to the file system.
The vulnerabilities were discovered in ColdFusion versions 2025, 2023, and 2021, with the following issues reported:
- Arbitrary file system read: CVE-2025-24446 and CVE-2025-30281
- Arbitrary code execution: CVE-2025-24447 and CVE-2025-30282
- Security feature bypass: CVE-2025-30288 and CVE-2025-30290
These flaws were classified as critical and important, with a CVSS (Common Vulnerability Scoring System) base score of 7.8, indicating the high potential for exploitation.
Adobe recommends that users update to the following versions to mitigate these risks:
- ColdFusion 2025: Update to version Build 331385
- ColdFusion 2023: Update to Update 13
- ColdFusion 2021: Update to Update 19
It’s crucial for users of ColdFusion to install these security updates as soon as possible to avoid the risk of cybercriminals exploiting these vulnerabilities.
After Effects and Media Encoder Security Updates
In addition to ColdFusion, Adobe also released security updates for other major products in its suite. For example, Adobe After Effects received patches for several vulnerabilities that could lead to arbitrary code execution and application crashes. These vulnerabilities were identified in After Effects versions 24.6.4 and earlier.
Adobe recommends updating to:
- After Effects 24.6.5 or After Effects 25.2 (Priority 3)
Similarly, Adobe Media Encoder, which handles media conversion and rendering, also saw updates addressing critical code execution vulnerabilities. These flaws could allow attackers to execute arbitrary code and compromise the host system.
For Adobe Media Encoder, users should update to:
- Media Encoder 24.6.5 or Media Encoder 25.2 (Priority 3)
No active exploits have been reported for these issues, but Adobe strongly encourages all users to apply the updates to maintain security.
Security Patches for Adobe Premiere Pro and Photoshop
Adobe’s latest security update also includes fixes for Adobe Premiere Pro and Adobe Photoshop, both of which are used extensively in the creative industry. For Premiere Pro, a critical vulnerability could allow attackers to execute arbitrary code, potentially compromising system integrity.
Affected versions include:
- Premiere Pro 25.1 and earlier
- Premiere Pro 24.6.4 and earlier
Adobe recommends updating to:
- Premiere Pro 25.2 or Premiere Pro 24.6.5 (Priority 3)
Similarly, Photoshop 2025 and Photoshop 2024 versions were found to contain vulnerabilities leading to arbitrary code execution. Adobe urges users to apply the following updates to mitigate the risks:
- Photoshop 2025: Update to 26.5
- Photoshop 2024: Update to 25.12.2
Vulnerabilities in Adobe Animate and Other Products
Adobe also released patches for other creative tools, including Adobe Animate, Adobe FrameMaker, and Adobe XMP Toolkit SDK. For Adobe Animate, multiple vulnerabilities were found that could result in arbitrary code execution, with the potential for memory leaks. Similarly, Adobe FrameMaker had vulnerabilities that could lead to denial-of-service attacks or arbitrary code execution.
Adobe recommends the following updates for these products:
- Animate 2023: Update to 23.0.11
- Animate 2024: Update to 24.0.8
- FrameMaker 2020: Update to FrameMaker 2020 Update 8
- FrameMaker 2022: Update to FrameMaker 2022 Update 6
As with other Adobe updates, these patches should be applied as soon as possible to prevent any exploitation.
Security Update for Adobe Experience Manager (AEM)
Adobe also addressed security concerns for Adobe Experience Manager (AEM) products, including AEM Forms on JEE and AEM Screens. Vulnerabilities in these tools could allow attackers to bypass security features or execute arbitrary code. Adobe urges users to update to the latest versions to close these security gaps.
For AEM Forms on JEE, affected versions include:
- 6.5.22.0 and earlier
For AEM Screens, updates are recommended for versions earlier than FP11.3.
Users should update to the following versions:
- AEM Forms on JEE 6.5.22.0 (AEMForms-6.5.0-0095)
- AEM Screens FP11.4
Other Adobe Products Receiving Security Updates
Apart from the flagship creative tools, Adobe has also patched vulnerabilities in Adobe Commerce, Magento Open Source, and Adobe Bridge, among other products. These patches address a range of security issues from code execution to memory leaks and denial-of-service attacks.
For Adobe Commerce and Magento, the affected versions include 2.4.8-beta2, 2.4.7-p4, and earlier versions. Adobe recommends updating to the latest versions available to mitigate the risks.
Adobe Bridge, a tool used for organizing and managing creative assets, also saw a critical patch for vulnerabilities that could allow arbitrary code execution. Affected versions include 14.1.5 and earlier and 15.0.2 and earlier. Adobe advises users to update to version 14.1.6 or 15.0.3.
Conclusion
The latest Adobe security update addresses critical vulnerabilities in several of its products, including ColdFusion, Premiere Pro, Photoshop, and Animate, which could lead to issues like arbitrary code execution, memory leaks, and security feature bypass. While no active exploits have been reported, Adobe advises users of affected versions to promptly apply the updates to mitigate these risks and ensure system security.
Source: Read More