Several vulnerabilities in Adobe products could allow an arbitrary code execution


Several vulnerabilities have been discovered in Adobe products, the most serious of which could allow arbitrary code execution. Details of these vulnerabilities are as follows

Tactical: Execution (TA0002))

Technical: Operation for the execution of the customer (T1203):

Adobe Lightroom:

  • Outstanding limits (CVE-2025-27197)

Adobe Dreamweaver:

  • Access of the resource using the incompatible type (“confusion type”) (CVE-2025-30310)

Adobe Connect:

  • Inter-site scripting (reflected xSS) (CVE-2025-43567, CVE-2025-30314, CVE-2025-30315, CVE-2025-30316)

Adobe Indesign:

  • Outstanding limits (CVE-2025-30318)
  • Dereference of the draw (CVE-2025-30319, CVE-2025-30320)

3D painter substance:

  • Outstanding limits (CVE-2025-30322)

Adobe Photoshop:

  • Underflow in whole (wrap or wrap) (CVE-2025-30324)
  • Whole or enveloping overflow (CVE-2025-30325)
  • Access of the uninisten pointer (CVE-2025-30326)

Adobe Animate:

  • Outstanding limits (CVE-2025-30328)
  • Underflow in whole (wrap or wrap) (CVE-2025-43555)
  • Whole or enveloping overflow (CVE-2025-43556)
  • Access of the uninitialized pointer (CVE-2025-43557)
  • Dereference of the draw (CVE-2025-30329)

Adobe Illustrator:

  • Tampon overflow based on a heap (CVE-2025-30330)

Adobe Bridge:

  • Access of the uninitialized pointer (CVE-2025-43545)
  • Underflow in whole (wrap or wrap) (CVE-2025-43546)
  • Whole or enveloping overflow (CVE-2025-43547)

Adobe dimension:

  • Writing out of limits (CVE-2025-43548, CVE-2025-43572)

3D Stage substance:

  • Use after free (CVE-2025-43549, CVE-2025-43568, CVE-2025-43570, CVE-2025-43571)
  • Outstanding limits (CVE-2025-43569)
  • Read good (CVE-2025-43551)

3D substance model:

  • Uncontrolled research path (CVE-2025-43553)
  • Outstanding limits (CVE-2025-43554)

Adobe Coldfusion:

  • Poor validation of the entries (CVE-2025-43559, CVE-2025-43560)
  • Incorrect access control (CVE-2025-43561, CVE-2025-43563, CVE-2025-43565)
  • Incorrect neutralization of the special elements used in a OS command (“OS command injection”) (CVE-2025-43562)
  • Incorrect authorization (CVE-2025-43564)
  • Inappropriate limitation of a path to a restricted directory (“path transport”) (CVE-2025-43566)

The successful exploitation of the most serious of these vulnerabilities could allow arbitrary execution of code in the context of the connected user. According to the privileges associated with the user, an attacker could then install programs; Show, modify or delete data; Or create new accounts with complete user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those that operate with the rights of administrative users

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News

CISA and USCG issues a joint opinion to strengthen cyber-hygiene in critical infrastructureCISA and USCG issues a joint opinion to strengthen cyber-hygiene in critical infrastructure

CISA and USCG issues a joint opinion to strengthen cyber-hygiene in critical infrastructure

July 31, 2025
Several vulnerabilities in Adobe products could allow an arbitrary code executionSeveral vulnerabilities in Adobe products could allow an arbitrary code execution

Several vulnerabilities in Adobe products could allow an arbitrary code execution

July 23, 2025

You may have missed

CISA and USCG issues a joint opinion to strengthen cyber-hygiene in critical infrastructureCISA and USCG issues a joint opinion to strengthen cyber-hygiene in critical infrastructure

CISA and USCG issues a joint opinion to strengthen cyber-hygiene in critical infrastructure

July 31, 2025
Several vulnerabilities in Adobe products could allow an arbitrary code executionSeveral vulnerabilities in Adobe products could allow an arbitrary code execution

Several vulnerabilities in Adobe products could allow an arbitrary code execution

July 23, 2025
#StopRansomware: Interlock | CISA#StopRansomware: Interlock | CISA

#StopRansomware: Interlock | CISA

July 21, 2025
Cisa adds an exploited vulnerability known in the catalogCisa adds an exploited vulnerability known in the catalog

Cisa adds an exploited vulnerability known in the catalog

July 18, 2025
Cisa publishes thirteen reviews of industrial control systemsCisa publishes thirteen reviews of industrial control systems

Cisa publishes thirteen reviews of industrial control systems

July 10, 2025
Several vulnerabilities in Mozilla Thunderbird could allow an execution of arbitrary codeSeveral vulnerabilities in Mozilla Thunderbird could allow an execution of arbitrary code

Several vulnerabilities in Mozilla Thunderbird could allow an execution of arbitrary code

July 9, 2025