Several vulnerabilities in Adobe products could allow arbitrary code execution


Several vulnerabilities have been discovered in Adobe products, the most serious of which could allow arbitrary code execution. Details of these vulnerabilities are as follows:

Tactic: Execution (TA0002):

Technique: Exploitation for Client Execution (T1203):

Substance 3D Painter:

  • Out-of-bounds write (CVE-2025-47108)

Adobe InCopy:

  • Integer overflow or wraparound (CVE-2025-30327)
  • Heap-based buffer overflow (CVE-2025-47107)

Adobe Experience Manager:

  • Incorrect authorization (CVE-2025-46840)
  • Improper input validation (CVE-2025-46837, CVE-2025-47096)
  • Cross-site scripting (DOM-based XSS)
  • Cross-site scripting (stored XSS)
  • Cross-site scripting (reflected XSS) (CVE-2025-46857, CVE-2025-46874, CVE-2025-46875, CVE-2025-47094)
  • Improper access control (CVE-2025-46889)
  • URL redirection to untrusted site ("open redirect") (CVE-2025-47095)

Adobe Commerce:

  • Cross-site scripting (reflected XSS) (CVE-2025-47110)
  • Incorrect authorization (CVE-2025-43585)
  • Improper access control (CVE-2025-27206, CVE-2025-27207, CVE-2025-43586)

Adobe InDesign:

  • Heap-based buffer overflow (CVE-2025-30317)
  • Out-of-bounds write (CVE-2025-43558, CVE-2025-43590, CVE-2025-43593)
  • Use after free (CVE-2025-43589, CVE-2025-47106)
  • Out-of-bounds read (CVE-2025-47104, CVE-2025-47105)
  • NULL pointer dereference (CVE-2025-30321)

Substance 3D Sampler:

  • Out-of-bounds write (CVE-2025-43581, CVE-2025-43588)

Adobe Acrobat and Reader:

  • Use after free (CVE-2025-43573, CVE-2025-43574, CVE-2025-43576, CVE-2025-43550, CVE-2025-43577)
  • Out-of-bounds write (CVE-2025-43575)
  • Out-of-bounds read (CVE-2025-43578, CVE-2025-47112)
  • NULL pointer dereference (CVE-2025-4711)
  • Information exposure (CVE-2025-43579)

Successful exploitation of the most serious of these vulnerabilities could allow arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, modify, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
