Adobe Monthly Security Update (April 2025)
Release Date: 9 Apr 2025
RISK: Medium Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Adobe ColdFusion |  Medium Risk | Information Disclosure Remote Code Execution Security Restriction Bypass | APSB25-15 | |
| Adobe After Effects | Medium Risk | Remote Code Execution Information Disclosure Denial of Service | APSB25-23 | |
| Adobe Media Encoder | Medium Risk | Remote Code Execution | APSB25-24 | |
| Adobe Bridge | Medium Risk | Remote Code Execution | APSB25-25 | |
| Adobe Commerce | Medium Risk | Elevation of Privilege Denial of Service Security Restriction Bypass | APSB25-26 | |
| Adobe Experience Manager Forms | Medium Risk | Security Restriction Bypass | APSB25-27 | |
| Adobe Premiere Pro | Medium Risk | Remote Code Execution | APSB25-28 | |
| Adobe Photoshop | Medium Risk | Remote Code Execution | APSB25-30 | |
| Adobe Animate | Medium Risk | Remote Code Execution Information Disclosure | APSB25-31 | |
| Adobe Experience Manager Screens | Medium Risk | Remote Code Execution | APSB25-32 | |
| Adobe FrameMaker | Medium Risk | Remote Code Execution Denial of Service Information Disclosure | APSB25-33 | |
| Adobe XMP Toolkit SDK | Medium Risk | Information Disclosure | APSB25-34 |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 12
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': Medium Risk
Impact
- Remote Code Execution
- Information Disclosure
- Denial of Service
- Elevation of Privilege
- Security Restriction Bypass
System / Technologies affected
- ColdFusion 2025 Build 331385
- ColdFusion 2023 Update 12 and earlier versions
- ColdFusion 2021 Update 18 and earlier versions
- Adobe After Effects 24.6.4 and earlier versions
- Adobe After Effects 25.1 and earlier versions
- Adobe Media Encoder 24.6.4 and earlier versions
- Adobe Media Encoder 25.1 and earlier versions
- Adobe Bridge 14.1.5 and earlier versions
- Adobe Bridge 15.0.2 and earlier versions
- Adobe Commerce 2.4.8-beta2
- Adobe Commerce 2.4.7-p4 and earlier versions
- Adobe Commerce 2.4.6-p9 and earlier versions
- Adobe Commerce 2.4.5-p11 and earlier versions
- Adobe Commerce 2.4.4-p12 and earlier versions
- Adobe Commerce B2B 1.5.1 and earlier versions
- Adobe Commerce B2B 1.4.2-p4 and earlier versions
- Adobe Commerce B2B 1.3.5-p9 and earlier versions
- Adobe Commerce B2B 1.3.4-p11 and earlier versions
- Adobe Commerce B2B 1.3.3-p12 and earlier versions
- Magento Open Source 2.4.8-beta
- Magento Open Source 2.4.7-p4 and earlier versions
- Magento Open Source 2.4.6-p9 and earlier versions
- Magento Open Source 2.4.5-p11 and earlier versions
- Magento Open Source 2.4.4-p12 and earlier versions
- Adobe Experience Manager (AEM) Forms on JEE 6.5.22.0 (AEMForms-6.5.0-0093) and earlier versions
- Adobe Premiere Pro 25.1 and earlier versions
- Adobe Premiere Pro 24.6.4 and earlier versions
- Photoshop 2025 26.4.1 and earlier versions
- Photoshop 2024 25.12.1 and earlier versions
- Adobe Animate 2023 23.0.10 and earlier versions
- Adobe Animate 2024 24.0.7 and earlier versions
- Adobe Experience Manager (AEM) Screens AEM 6.5 Screens FP11.3 and earlier versions
- Adobe FrameMaker 2020 Release Update 7 and earlier versions
- Adobe FrameMaker 2022 Release Update 5 and earlier versions
- Adobe XMP-Toolkit-SDK 2023.12 and earlier versions
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update.
沒有留言:
發佈留言