Multiple Vulnerabilities Addressed in Adobe’s September 2025 Patch Tuesday Updates


Adobe’s September 2025 Patch Tuesday updates address critical and important vulnerabilities in various Adobe products. These vulnerabilities range from arbitrary code execution to security feature bypasses, highlighting the importance of applying the updates promptly to ensure product security.

Severity Level: Critical

Vulnerability Details

  • Adobe has issued security updates that fix a total of 22 vulnerabilities across Acrobat and Reader, After Effects, Premiere Pro, Commerce, Substance 3D Viewer, Experience Manager, Dreamweaver, Substance 3D Modeler, and ColdFusion.
  • CVEs: CVE-2025-54257, CVE-2025-54255, CVE-2025-54239, CVE-2025-54240, CVE-2025-54241, CVE-2025-54242, CVE-2025-54236, CVE-2025-54243, CVE-2025-54244, CVE-2025-54245, CVE-2025-54248, CVE-2025-54246, CVE-2025-54247, CVE-2025-54249, CVE-2025-54250, CVE-2025-54251, CVE-2025-54252, CVE-2025-54256, CVE-2025-54258, CVE-2025-54259, CVE-2025-54260, and CVE-2025-54261
  • The vulnerabilities primarily involve issues like CSRF, Stored XSS, Heap-based Buffer Overflow, Improper Input Validation, Path Traversal, Incorrect Authorization, Integer Overflow or Wraparound, Out-of-bounds Read or Write, SSRF, Use After Free, Violation of Secure Design Principles, and XML Injection.
  • Exploiting these vulnerabilities can lead to arbitrary code execution, security feature bypasses, memory exposure, and arbitrary file system write.

Affected Products

  • Adobe Substance 3D Modeler: 1.22.2 and earlier versions
  • Adobe Dreamweaver: 21.5 and earlier versions
  • Adobe Experience Manager (AEM):
    • AEM Cloud Service (CS)
    • 6.5 LTS SP1 and earlier versions; 6.5.23 and earlier versions
  • Adobe Substance 3D Viewer: 0.25.1 and earlier versions
  • Adobe Commerce: 2.4.9-alpha2 and earlier, 2.4.8-p2 and earlier, 2.4.7-p7 and earlier, 2.4.6-p12 and earlier, 2.4.5-p14 and earlier, 2.4.4-p15 and earlier
  • Adobe Commerce B2B: 1.5.3-alpha2 and earlier, 1.5.2-p2 and earlier, 1.4.2-p7 and earlier, 1.3.4-p14 and earlier, 1.3.3-p15 and earlier
  • Magento Open Source: 2.4.9-alpha2 and earlier, 2.4.8-p2 and earlier, 2.4.7-p7 and earlier, 2.4.6-p12 and earlier, 2.4.5-p14 and earlier
  • Adobe Premiere Pro: 25.3 and earlier versions; 24.6.5 and earlier versions
  • Adobe After Effects: 24.6.7 and earlier versions; 25.3 and earlier versions
  • ColdFusion 2025: Update 3 and earlier versions
  • ColdFusion 2023: Update 15 and earlier versions
  • ColdFusion 2021: Update 21 and earlier versions
  • Acrobat DC and Acrobat Reader DC Continuous: Win – 25.001.20672 and earlier, Mac – 25.001.20668 and earlier
  • Acrobat 2024 Classic: Win & Mac – 24.001.30254 and earlier
  • Acrobat 2020 and Acrobat Reader 2020 Classic: Win & Mac – 20.005.30774 and earlier

Recommendations

  1. Immediately update all affected Adobe products to the latest versions listed in the security bulletins. Applying these updates patches the critical vulnerabilities described above.

    Fixed Versions:
    • ColdFusion: Update to 2025 Update 4, 2023 Update 16, 2021 Update 22
    • Substance 3D Modeler: Update to 1.22.4
    • Dreamweaver: Update to 21.6
    • Experience Manager: Update to the latest hotfix or version
    • Substance 3D Viewer: Update to 0.25.2
    • Commerce/Magento: Apply the hotfix for CVE-2025-54236
    • Premiere Pro: Update to 25.4, 24.6.8
    • After Effects: Update to 24.6.8, 25.4
    • Acrobat DC and Reader DC: Update to 25.001.20693
    • Acrobat 2024: Update to 24.001.30264
    • Acrobat 2020 and Reader 2020: Update to 20.005.30793 (Win) & 20.005.30791 (Mac)
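
    The fixed versions above can be turned into an inventory triage check. The following is an added example, not code from Adobe or from this advisory's author; it compares installed builds against the fixed version of the matching release track. The product keys, the "<year>.<n>" encoding for ColdFusion updates, the handling of builds older than every listed track, and the inventory records are assumptions of the example.

```python
# Fixed versions from the advisory, one per release track ("acrobat" covers Acrobat and Reader).
FIXED = {
    "acrobat": ["25.001.20693", "24.001.30264", "20.005.30793"],
    "premiere pro": ["25.4", "24.6.8"],
    "after effects": ["25.4", "24.6.8"],
    "dreamweaver": ["21.6"],
    "substance 3d modeler": ["1.22.4"],
    "substance 3d viewer": ["0.25.2"],
    # Assumption: ColdFusion "<year> Update <n>" is encoded as "<year>.<n>".
    "coldfusion": ["2025.4", "2023.16", "2021.22"],
}
MAC_OVERRIDE = {("acrobat", 20): "20.005.30791"}  # separate macOS build for 2020 Classic

def parse(version):
    return [int(part) for part in version.split(".")]

def is_older(installed, floor):
    a, b = parse(installed), parse(floor)
    width = max(len(a), len(b))  # pad so that 25.4 compares equal to 25.4.0
    a += [0] * (width - len(a))
    b += [0] * (width - len(b))
    return a < b

def assess(product, installed, platform="win"):
    """Return 'update', 'ok' or 'review' for one inventory record."""
    name = product.lower()
    floors = FIXED.get(name)
    if floors is None:  # Commerce/Magento and AEM are fixed by hotfix, not by version
        return "review"
    major = parse(installed)[0]
    for floor in floors:
        if parse(floor)[0] == major:  # same release track as the installed build
            if platform == "mac":
                floor = MAC_OVERRIDE.get((name, major), floor)
            return "update" if is_older(installed, floor) else "ok"
    # Assumption: a build older than every listed fixed version is unpatched.
    return "update" if all(is_older(installed, f) for f in floors) else "review"

# Constructed inventory records: (product, installed version, platform).
INVENTORY = [
    ("Acrobat", "25.001.20672", "win"), ("Acrobat", "20.005.30791", "mac"),
    ("Premiere Pro", "24.6.5", "win"), ("ColdFusion", "2023.16", "win"),
    ("Dreamweaver", "20.2", "win"), ("Commerce", "2.4.8-p2", "win"),
]

def triage(records=INVENTORY):
    return [(p, v, assess(p, v, plat)) for p, v, plat in records]
if __name__ == "__main__":
    print(*triage(), sep="\n")
```

    Records that come back as "review" need a manual check: either the product is patched by hotfix (Commerce/Magento, Experience Manager) or the installed build belongs to a release track the advisory does not list.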

Source:

  • https://helpx.adobe.com/security/products/acrobat/apsb25-85.html
  • https://helpx.adobe.com/security/products/after_effects/apsb25-86.html
  • https://helpx.adobe.com/security/products/premiere_pro/apsb25-87.html
  • https://helpx.adobe.com/security/products/magento/apsb25-88.html
  • https://helpx.adobe.com/security/products/substance3d-viewer/apsb25-89.html
  • https://helpx.adobe.com/security/products/experience-manager/apsb25-90.html
  • https://helpx.adobe.com/security/products/dreamweaver/apsb25-91.html
  • https://helpx.adobe.com/security/products/substance3d-modeler/apsb25-92.html
  • https://helpx.adobe.com/security/products/coldfusion/apsb25-93.html


Ampcus Cyber