Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

June 11, 2025 invoker category_news

Security Update News

Update Information

Title Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
Update ID THN:FFAA299BA4685DB9EA0866BD6D2D3706
Type thn
Published 2025-06-10T18:29:00
Last Updated 2025-06-10T18:29:35

Security Impact

CVSS Score 9.1
Severity CRITICAL
Attack Vector NETWORK

Affected CVEs

  • CVE-2025-30327
  • CVE-2025-43581
  • CVE-2025-43585
  • CVE-2025-43588
  • CVE-2025-47107
  • CVE-2025-47110

Update Details

![](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)

Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM).

Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM Cloud Service Release 2025.5 and version 6.5.23.

“Successful exploitation of these vulnerabilities could result in arbitrary code execution, privilege escalation, and security feature bypass,” Adobe said in an advisory.

Almost all the 225 vulnerabilities have been classified as cross-site scripting (XSS) vulnerabilities, specifically a mix of stored XSS and DOM-based XSS, that could be exploited to achieve arbitrary code execution.

Adobe has credited security researchers Jim Green (green-jam), Akshay Sharma (anonymous_blackzero), and lpi for discovering and reporting the XSS flaws.

The most severe of the flaws patched by the company as part of this month’s update concerns a code execution flaw in Adobe Commerce and Magento Open Source.

![Cybersecurity](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)

The critical-rated vulnerability, CVE-2025-47110 (CVSS score: 9.1) is a reflected XSS vulnerability that could result in arbitrary code execution. Also addressed is an improper authorization flaw (CVE-2025-43585, CVSS score: 8.2) that could lead to a security feature bypass.

The following versions are impacted –

* Adobe Commerce (2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier, and 2.4.4-p13 and earlier)
* Adobe Commerce B2B (1.5.2 and earlier, 1.4.2-p5 and earlier, 1.3.5-p10 and earlier, 1.3.4-p12 and earlier, and 1.3.3-p13 and earlier)
* Magento Open Source (2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier)

Of the remaining updates, four relate to code execution flaws in Adobe InCopy (CVE-2025-30327, CVE-2025-47107, CVSS scores: 7.8) and Substance 3D Sampler (CVE-2025-43581, CVE-2025-43588, CVSS scores: 7.8).

While none of the bugs have been listed as publicly known or exploited in the wild, users are advised to update their instances to the latest version to safeguard against potential threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.