Adobe patches over 30 vulnerabilities in its software suite, 11 critical

Adobe has issued patches for 30 security vulnerabilities in its Creative Suite of applications and ColdFusion versions 2025, 2023, and 2021. Eleven of the patched bugs are rated critical on the CVSS scale and can result in malicious file access and arbitrary code execution if exploited.

Adobe’s advisory states that the fixes are included in ColdFusion 2021 Update 19, ColdFusion 2023 Update 13, and ColdFusion 2025 Update 1. Patches for After Effects, Media Encoder, Bridge, Premiere Pro, Photoshop, Animate, and FrameMaker have also been issued.

The 11 critical vulnerabilities are as follows:

  • CVE-2025-24445: Rated 9.1 on the CVSS scale, the bug can lead to arbitrary file system read.
  • CVE-2025-24447: Rated 9.1 on the CVSS scale, it’s a deserialisation of untrusted data vulnerability that can lead to arbitrary code execution if exploited.
  • CVE-2025-30281: Rated 9.1 on the CVSS scale, this is an improper access control vulnerability that can lead to arbitrary file system read access.
  • CVE-2025-30282: Also rated 9.1 on the CVSS scale, this is an improper authentication bug that can cause malicious code execution.
  • CVE-2025-30284: Rated 8.0 on the CVSS scale, this is also a deserialisation of untrusted data vulnerability that can lead to arbitrary code execution if exploited.
  • CVE-2025-30285: Rated 8.0 on the CVSS scale, this is also a deserialisation of untrusted data vulnerability that can lead to arbitrary code execution.
  • CVE-2025-30286: Rated 8.0 on the CVSS scale, this is an OS command injection bug that can cause arbitrary code execution.
  • CVE-2025-30287: Rated 8.1 on the CVSS scale, this is another improper authentication bug that can cause malicious code execution.
  • CVE-2025-30288: Rated 7.8 on the CVSS scale, this is another improper authentication bug that can cause malicious code execution.
  • CVE-2025-30289: Rated 7.5 on the CVSS scale, this is also an OS command injection bug that can cause arbitrary code execution.
  • CVE-2025-30290: Rated 8.7 on the CVSS scale, this is a path traversal bug that can bypass security features.

The software giant isn’t aware of any exploits in the wild for the vulnerabilities mentioned above. However, users of affected programs are advised to update their installations as soon as possible.

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
