176/68 Thursday, May 15, 2025
Adobe has released its scheduled Patch Tuesday security updates, addressing more than 39 vulnerabilities across various products. The company issued warnings about the risk of remote code execution (RCE), which could allow attackers to gain unauthorized access to systems or escalate privileges.
The most critical updates affect Adobe ColdFusion, with 7 critical vulnerabilities patched—some with a CVSS score of up to 9.1/10. These vulnerabilities could lead to arbitrary file system read, remote code execution, and privilege escalation if exploited.
Adobe also patched critical vulnerabilities in several other widely used applications:
- Adobe Photoshop (3 critical RCE vulnerabilities)
- Adobe Illustrator (1 critical RCE vulnerability—immediate patching recommended)
- Adobe Lightroom, Dreamweaver, Connect, and InDesign, which were affected by RCE and denial-of-service (DoS) issues
- Other products such as Adobe Substance 3D Painter, Adobe Bridge, and Adobe Dimension also received updates
This patch release coincided with Microsoft’s advisory on five zero-day vulnerabilities that are actively being exploited, including flaws in Microsoft Scripting Engine and Windows Common Log File System (CLFS) Driver. The timing underscores the current severity of cyber threats—especially to enterprise-level software environments.
Source https://www.securityweek.com/adobe-patches-big-batch-of-critical-severity-software-flaws/
