Critical Vulnerabilities Discovered in Multiple Adobe Products Could Allow Arbitrary Code Execution

May 14, 2025

Multiple vulnerabilities have been identified in various Adobe products, with the most critical potentially allowing attackers to execute arbitrary code on affected systems. Adobe develops widely-used software for creating and publishing content across graphics, photography, illustration, animation, multimedia, film, and print.

If successfully exploited, these vulnerabilities could enable attackers to execute code with the privileges of the currently logged-in user. Depending on the user’s permission level, an attacker might be able to install applications, view or alter data, delete files, or create new user accounts with full access rights. Systems where users have limited privileges are less likely to experience severe impacts compared to those operated under administrative accounts.

Affected Systems Include

Adobe Lightroom: 8.2 and earlier (CVE-2025-27197)
Adobe Dreamweaver: 21.4 and earlier (CVE-2025-30310)
Adobe Connect: 12.8 and earlier (CVE-2025-43567, CVE-2025-30314, CVE-2025-30315, CVE-2025-30316)
Adobe InDesign: ID20.2 and earlier, ID19.5.2 and earlier (CVE-2025-30318, CVE-2025-30319, CVE-2025-30320)
Adobe Substance 3D Painter: 11.0 and earlier (CVE-2025-30322)
Photoshop: 2025 (26.5 and earlier), 2024 (25.12.2 and earlier) (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326)
Adobe Animate: 2023 (23.0.11 and earlier), 2024 (24.0.8 and earlier) (CVE-2025-30328, CVE-2025-43555, CVE-2025-43556,CVE-2025-43557, CVE-2025-30329)
Illustrator: 2025 (29.3 and earlier), 2024 (28.7.5 and earlier) (CVE-2025-30330)
Adobe Bridge: 14.1.6 and earlier, 15.0.3 and earlier (CVE-2025-43545, CVE-2025-43546, CVE-2025-43547)
Adobe Dimension: 4.1.1 and earlier (CVE-2025-43548, CVE-2025-43572)
Adobe Substance 3D Stager: 3.1.1 and earlier CVE-2025-43549, CVE-2025-43568, CVE-2025-43570, CVE-2025-43571, CVE-2025-43569,CVE-2025-43551)
Adobe Substance 3D Modeler: 1.21.0 and earlier (CVE-2025-43553, CVE-2025-43554)
ColdFusion: 2025 and earlier, 2023 and earlier, 2021 and earlier (CVE-2025-43559, CVE-2025-43560, CVE-2025-43561, CVE-2025-43563, CVE-2025-43565, CVE-2025-43562, CVE-2025-43564, CVE-2025-43566)

Users and administrators are strongly advised to apply available updates and security patches to minimize risk.

Follow Cybersecurity88 on X and Linkedin for the latest cybersecurity news

Did you like the post? Share it in your media

Axios Supply Chain Attack Exposes Developers to Cross-Platform RAT via Compromised npm Account

March 31, 2026 · Chetna Sehgal

A serious cybersecurity issue has recently come up involving Axios, which is a very popular JavaS...

Hacker Charged in $53 Million Uranium Finance Crypto Heist Linked to Smart Contract Exploit

March 31, 2026 · Chetna Sehgal

A major case of cryptocurrency theft has recently come into the spotlight, where a hacker has bee...

EU Cloud Systems Targeted in Cyberattack, Data Breach Confirmed by European Commission

March 30, 2026 · Chetna Sehgal

In March 2026, the European Commission confirmed that its official web platform, Europa.eu, was t...

Stealth Cyber Campaign Hits Southeast Asian Government, Linked to China-Based Threat Groups

March 30, 2026 · Chetna Sehgal

In 2025, a serious cyberattack campaign was discovered targeting a government organization in Sou...

Bearlyfy Targets 70+ Russian Firms Using Custom GenieLocker Ransomware

March 27, 2026 · Chetna Sehgal

A cybercriminal group known as Bearlyfy has recently carried out multiple ransomware attacks. Mor...

Ajax Cyber Breach Exposes Fan Data and Enables Ticket System Manipulation

March 27, 2026 · Chetna Sehgal

A serious cybersecurity issue has recently come to light involving AFC Ajax. The club confirmed t...

Critical Vulnerabilities Discovered in Multiple Adobe Products Could Allow Arbitrary Code Execution

Did you like the post? Share it in your media

Top Articles

Topics from this Article

Stay Ahead in Cybersecurity and Tech!

Latest Articles

Axios Supply Chain Attack Exposes Developers to Cross-Platform RAT via Compromised npm Account

March 31, 2026 · Chetna Sehgal

Hacker Charged in $53 Million Uranium Finance Crypto Heist Linked to Smart Contract Exploit

March 31, 2026 · Chetna Sehgal

EU Cloud Systems Targeted in Cyberattack, Data Breach Confirmed by European Commission

March 30, 2026 · Chetna Sehgal

Stealth Cyber Campaign Hits Southeast Asian Government, Linked to China-Based Threat Groups

March 30, 2026 · Chetna Sehgal

Bearlyfy Targets 70+ Russian Firms Using Custom GenieLocker Ransomware

March 27, 2026 · Chetna Sehgal

Ajax Cyber Breach Exposes Fan Data and Enables Ticket System Manipulation

March 27, 2026 · Chetna Sehgal

Critical Vulnerabilities Discovered in Multiple Adobe Products Could Allow Arbitrary Code Execution

Did you like the post? Share it in your media

Top Articles

Topics from this Article

Stay Ahead in Cybersecurity and Tech!

Latest Articles

Axios Supply Chain Attack Exposes Developers to Cross-Platform RAT via Compromised npm Account

March 31, 2026 · Chetna Sehgal

Hacker Charged in $53 Million Uranium Finance Crypto Heist Linked to Smart Contract Exploit

March 31, 2026 · Chetna Sehgal

EU Cloud Systems Targeted in Cyberattack, Data Breach Confirmed by European Commission

March 30, 2026 · Chetna Sehgal

Stealth Cyber Campaign Hits Southeast Asian Government, Linked to China-Based Threat Groups

March 30, 2026 · Chetna Sehgal

Bearlyfy Targets 70+ Russian Firms Using Custom GenieLocker Ransomware

March 27, 2026 · Chetna Sehgal

Ajax Cyber Breach Exposes Fan Data and Enables Ticket System Manipulation

March 27, 2026 · Chetna Sehgal

Join 1M+ professionals getting exclusive insights about CyberSecurity