Adobe Monthly Security Update (August 2025)

Adobe has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes	Details (including CVE)
Adobe Commerce	Medium Risk	Denial of Service Elevation of Privilege Information Disclosure Cross-site Scripting Security Restriction Bypass		APSB25-71
Substance 3D Viewer	Medium Risk	Remote Code Execution		APSB25-72
Adobe Animate	Medium Risk	Remote Code Execution Information Disclosure		APSB25-73
Adobe Illustrator	Medium Risk	Remote Code Execution Denial of Service		APSB25-74
Adobe Photoshop	Medium Risk	Remote Code Execution		APSB25-75
Substance 3D Modeler	Medium Risk	Remote Code Execution Information Disclosure		APSB25-76
Substance 3D Painter	Medium Risk	Remote Code Execution Information Disclosure		APSB25-77
Substance 3D Sampler	Medium Risk	Information Disclosure		APSB25-78
Adobe InDesign	Medium Risk	Remote Code Execution Information Disclosure		APSB25-79
Adobe InCopy	Medium Risk	Remote Code Execution		APSB25-80
Substance 3D Stager	Medium Risk	Remote Code Execution Information Disclosure		APSB25-81
Adobe Experience Manager Forms	Extremely High Risk	Information Disclosure Remote Code Execution	CVE-2025-54253 is being exploited in the wild. Due to insufficient validation of user-supplied input, a remote attacker can pass specially crafted input to the application and execute arbitrary code via Struts DevMode.	APSB25-82
Adobe FrameMaker	Medium Risk	Remote Code Execution Information Disclosure		APSB25-83
Adobe Dimension	Medium Risk	Information Disclosure		APSB25-84

Number of ‘Extremely High Risk’ product(s): 1

Number of ‘High Risk’ product(s): 0

Number of ‘Medium Risk’ product(s): 13

Number of ‘Low Risk’ product(s): 0

Evaluation of overall ‘Risk Level’: Extremely High Risk

[Updated on 2025-10-16]

Updated Description, Risk Level, Solutions and Related Links.

Impact

• Remote Code Execution
• Elevation of Privilege
• Cross-Site Scripting
• Security Restriction Bypass
• Information Disclosure
• Denial of Service

System / Technologies affected

• Adobe Commerce 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier versions
• Adobe Commerce B2B 1.5.3-alpha1, 1.5.2-p1, 1.4.2-p6, 1.3.5-p11, 1.3.4-p13, 1.3.3-p14 and earlier versions
• Magento Open Source 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13 and earlier versions
• Adobe Substance 3D Viewer 0.25 and earlier versions
• Adobe Animate 2023 23.0.12 and earlier versions
• Adobe Animate 2024 24.0.9 and earlier versions
• Illustrator 2025 29.6.1 and earlier versions
• Illustrator 2024 28.7.8 and earlier versions
• Photoshop 2025 26.8 and earlier versions
• Photoshop 2024 25.12.3 and earlier versions
• Adobe Substance 3D Modeler 1.22.0 and earlier versions
• Adobe Substance 3D Painter 11.0.2 and earlier versions
• Adobe Substance 3D Sampler 5.0.3 and earlier versions
• Adobe InDesign ID20.4 and earlier versions
• Adobe InDesign ID19.5.4 and earlier versions
• Adobe InCopy  20.4 and earlier versions
• Adobe InCopy  19.5.4 and earlier versions
• Adobe Substance 3D Stager 3.1.3 and earlier versions
• Adobe FrameMaker 2020 Release Update 8 and earlier versions
• Adobe FrameMaker 2022 Release Update 6 and earlier versions
• Adobe Dimension 4.1.3 and earlier versions
• Adobe Experience Manager (AEM) Forms on JEE 6.5.23.0 and earlier versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Apply fixes issued by the vendor. Please refer to ‘Details’ column in the above table for details of individual product update or run software update.

Vulnerability Identifier

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=53&year=2025&month=08

Source

• Adobe

Related Link

• https://helpx.adobe.com/security.html/security/security-bulletin.html
• https://www.cisa.gov/news-events/alerts/2025/10/15/cisa-adds-one-known-exploited-vulnerability-catalog