Adobe Monthly Security Update (April 2025)
Release Date:
9 Apr 2025
8002
Views
RISK: Medium Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Adobe ColdFusion |  Medium Risk | Information Disclosure Remote Code Execution Security Restriction Bypass | APSB25-15 | |
| Adobe After Effects | Medium Risk | Remote Code Execution Information Disclosure Denial of Service | APSB25-23 | |
| Adobe Media Encoder | Medium Risk | Remote Code Execution | APSB25-24 | |
| Adobe Bridge | Medium Risk | Remote Code Execution | APSB25-25 | |
| Adobe Commerce | Medium Risk | Elevation of Privilege Denial of Service Security Restriction Bypass | APSB25-26 | |
| Adobe Experience Manager Forms | Medium Risk | Security Restriction Bypass | APSB25-27 | |
| Adobe Premiere Pro | Medium Risk | Remote Code Execution | APSB25-28 | |
| Adobe Photoshop | Medium Risk | Remote Code Execution | APSB25-30 | |
| Adobe Animate | Medium Risk | Remote Code Execution Information Disclosure | APSB25-31 | |
| Adobe Experience Manager Screens | Medium Risk | Remote Code Execution | APSB25-32 | |
| Adobe FrameMaker | Medium Risk | Remote Code Execution Denial of Service Information Disclosure | APSB25-33 | |
| Adobe XMP Toolkit SDK | Medium Risk | Information Disclosure | APSB25-34 |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 12
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': Medium Risk
Impact
- Remote Code Execution
- Information Disclosure
- Denial of Service
- Elevation of Privilege
- Security Restriction Bypass
System / Technologies affected
- ColdFusion 2025 Build 331385
- ColdFusion 2023 Update 12 and earlier versions
- ColdFusion 2021 Update 18 and earlier versions
- Adobe After Effects 24.6.4 and earlier versions
- Adobe After Effects 25.1 and earlier versions
- Adobe Media Encoder 24.6.4 and earlier versions
- Adobe Media Encoder 25.1 and earlier versions
- Adobe Bridge 14.1.5 and earlier versions
- Adobe Bridge 15.0.2 and earlier versions
- Adobe Commerce 2.4.8-beta2
- Adobe Commerce 2.4.7-p4 and earlier versions
- Adobe Commerce 2.4.6-p9 and earlier versions
- Adobe Commerce 2.4.5-p11 and earlier versions
- Adobe Commerce 2.4.4-p12 and earlier versions
- Adobe Commerce B2B 1.5.1 and earlier versions
- Adobe Commerce B2B 1.4.2-p4 and earlier versions
- Adobe Commerce B2B 1.3.5-p9 and earlier versions
- Adobe Commerce B2B 1.3.4-p11 and earlier versions
- Adobe Commerce B2B 1.3.3-p12 and earlier versions
- Magento Open Source 2.4.8-beta
- Magento Open Source 2.4.7-p4 and earlier versions
- Magento Open Source 2.4.6-p9 and earlier versions
- Magento Open Source 2.4.5-p11 and earlier versions
- Magento Open Source 2.4.4-p12 and earlier versions
- Adobe Experience Manager (AEM) Forms on JEE 6.5.22.0 (AEMForms-6.5.0-0093) and earlier versions
- Adobe Premiere Pro 25.1 and earlier versions
- Adobe Premiere Pro 24.6.4 and earlier versions
- Photoshop 2025 26.4.1 and earlier versions
- Photoshop 2024 25.12.1 and earlier versions
- Adobe Animate 2023 23.0.10 and earlier versions
- Adobe Animate 2024 24.0.7 and earlier versions
- Adobe Experience Manager (AEM) Screens AEM 6.5 Screens FP11.3 and earlier versions
- Adobe FrameMaker 2020 Release Update 7 and earlier versions
- Adobe FrameMaker 2022 Release Update 5 and earlier versions
- Adobe XMP-Toolkit-SDK 2023.12 and earlier versions
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update.
Vulnerability Identifier
Source
Related Link
Related Tags
Share with