- 147/2025
- Critical
Adobe has released security updates to address several vulnerabilities across multiple Adobe products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, gain elevated privileges, conduct denial-of-service attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Adobe Experience Manager (AEM) Forms on JEE Deserialization of Untrusted Data Vulnerability (CVE-2025-49533):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. ColdFusion Incorrect Authorization Vulnerability (CVE-2025-49536):
- CVSS: 8.1
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
Sample of the affected products:
- Adobe ColdFusion.
- Adobe Experience Manager (AEM) Screens.
- Adobe Connect Windows App.
- Adobe InCopy.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.