- 229/2025
- Critical
Adobe has released security updates to address several vulnerabilities across multiple Adobe products.
The addressed vulnerabilities could allow the attacker to perform denial of service or cross-site scripting attacks, bypass security restrictions, gain elevated privileges, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Adobe Connect Cross-Site Scripting Vulnerability (CVE-2025-49553):
- CVSS: 9.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
2. Adobe Commerce Security Bypass Vulnerability (CVE-2025-54263):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
Sample of the Affected Products:
- Adobe Connect.
- Adobe Commerce and Magento Open Source.
- Adobe Experience Manager Screens.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.