Advisories

CERT-In Advisory CIAD-2025-0053

Multiple Vulnerabilities in Adobe Products

Original Issue Date: December 15, 2025

Severity Rating: Critical

Software Affected

Acrobat DC 25.001.20982 and earlier versions for Windows & macOS
Acrobat Reader DC 25.001.20982 and earlier versions for Windows & macOS
Acrobat Reader 2020 Mac - 20.005.30803 and earlier versions for Windows & macOS
Acrobat Reader 2020 Win - 20.005.30793 and earlier versions for Windows & macOS
Acrobat 2020 Mac - 20.005.30803 and earlier versions for Windows & macOS
Acrobat 2020 Win - 20.005.30793 and earlier versions for Windows & macOS
Acrobat 2024 Mac - 24.001.30273 and earlier versions for Windows & macOS
Acrobat 2024 Win - 24.001.30264 and earlier versions for Windows & macOS
Adobe DNG Software Development Kit (SDK) DNG SDK 1.7.0 and earlier versions for Windows
Adobe Experience Manager (AEM) AEM Cloud Service (CS) for All
Adobe Experience Manager (AEM) 6.5 LTS and earlier versions for All
Adobe Experience Manager (AEM) 6.5.23 and earlier versions for All
ColdFusion 2021 Update 22 and earlier versions for All
ColdFusion 2023 Update 16 and earlier versions for All
ColdFusion 2025 Update 4 and earlier versions for All
Creative Cloud Desktop Application 6.4.0.361 and earlier versions for macOS

Overview

Multiple Vulnerabilities have been reported in Adobe products which could be exploited by an attacker to gain elevated privileges, bypass security restrictions, execute arbitrary code, obtain sensitive information or cause Denial of service (DoS) condition on the targeted system.

Target audience:
System administrators, Security teams or end-users of Adobe software products.

Risk Assessment:
High risk of unauthorized access to sensitive data, system compromise.

Impact Assessment:
Potential for data theft, remote code execution or service disruption.

Description

Multiple vulnerabilities exist in Adobe products due to Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Restriction of XML External Entity Reference; Deserialization of Untrusted Data, Improper Access Control, Insufficiently Protected Credentials, Integer Overflow or Wraparound, Heap-based Buffer Overflow, Out-of-bounds Read, Untrusted Search Path and Creation of Temporary File in Directory with Incorrect Permissions.

Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, bypass security restrictions, execute arbitrary code, obtain sensitive information or cause Denial of service (DoS) condition on the targeted system.

Solution

Apply appropriate updates as mentioned in the Adobe Security Bulletin.
https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html
https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html
https://helpx.adobe.com/security/products/dng-sdk/apsb25-118.html
https://helpx.adobe.com/security/products/acrobat/apsb25-119.html
https://helpx.adobe.com/security/products/creative-cloud/apsb25-120.html

Vendor Information

Adobe
https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html
https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html
https://helpx.adobe.com/security/products/dng-sdk/apsb25-118.html
https://helpx.adobe.com/security/products/acrobat/apsb25-119.html
https://helpx.adobe.com/security/products/creative-cloud/apsb25-120.html

References

CVE Name
CVE-2025-61808
CVE-2025-61809
CVE-2025-61810
CVE-2025-61811
CVE-2025-61812
CVE-2025-61813
CVE-2025-61821
CVE-2025-61822
CVE-2025-61823
CVE-2025-61830
CVE-2025-64537
CVE-2025-64539
CVE-2025-64541
CVE-2025-64542
CVE-2025-64543
CVE-2025-64544
CVE-2025-64545
CVE-2025-64546
CVE-2025-64547
CVE-2025-64548
CVE-2025-64549
CVE-2025-64550
CVE-2025-64551
CVE-2025-64552
CVE-2025-64553
CVE-2025-64554
CVE-2025-64555
CVE-2025-64556
CVE-2025-64557
CVE-2025-64558
CVE-2025-64559
CVE-2025-64560
CVE-2025-64562
CVE-2025-64563
CVE-2025-64564
CVE-2025-64565
CVE-2025-64569
CVE-2025-64572
CVE-2025-64574
CVE-2025-64575
CVE-2025-64576
CVE-2025-64577
CVE-2025-64578
CVE-2025-64579
CVE-2025-64580
CVE-2025-64581
CVE-2025-64582
CVE-2025-64583
CVE-2025-64585
CVE-2025-64586
CVE-2025-64590
CVE-2025-64591
CVE-2025-64592
CVE-2025-64593
CVE-2025-64594
CVE-2025-64596
CVE-2025-64597
CVE-2025-64598
CVE-2025-64598
CVE-2025-64600
CVE-2025-64601
CVE-2025-64602
CVE-2025-64603
CVE-2025-64604
CVE-2025-64605
CVE-2025-64606
CVE-2025-64607
CVE-2025-64609
CVE-2025-64610
CVE-2025-64611
CVE-2025-64612
CVE-2025-64614
CVE-2025-64615
CVE-2025-64616
CVE-2025-64619
CVE-2025-64620
CVE-2025-64622
CVE-2025-64623
CVE-2025-64626
CVE-2025-64627
CVE-2025-64783
CVE-2025-64784
CVE-2025-64785
CVE-2025-64786
CVE-2025-64787
CVE-2025-64789
CVE-2025-64790
CVE-2025-64791
CVE-2025-64792
CVE-2025-64793
CVE-2025-64794
CVE-2025-64796
CVE-2025-64797
CVE-2025-64799
CVE-2025-64800
CVE-2025-64801
CVE-2025-64802
CVE-2025-64803
CVE-2025-64804
CVE-2025-64808
CVE-2025-64814
CVE-2025-64817
CVE-2025-64820
CVE-2025-64821
CVE-2025-64822
CVE-2025-64823
CVE-2025-64825
CVE-2025-64826
CVE-2025-64827
CVE-2025-64829
CVE-2025-64833
CVE-2025-64839
CVE-2025-64840
CVE-2025-64841
CVE-2025-64845
CVE-2025-64847
CVE-2025-64850
CVE-2025-64852
CVE-2025-64853
CVE-2025-64857
CVE-2025-64858
CVE-2025-64860
CVE-2025-64861
CVE-2025-64863
CVE-2025-64869
CVE-2025-64872
CVE-2025-64873
CVE-2025-64874
CVE-2025-64875
CVE-2025-64881
CVE-2025-64887
CVE-2025-64888
CVE-2025-64893
CVE-2025-64894
CVE-2025-64894
CVE-2025-64897
CVE-2025-64898
CVE-2025-64899

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-22902657

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India