- 126/2025
- Critical
Adobe has released security updates to address several vulnerabilities across multiple Adobe products.
The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, bypass security restrictions, gain elevated privileges, conduct denial-of-service attacks, or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Adobe Commerce Cross-site Scripting Vulnerability (CVE-2025-47110):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Cross-Site Scripting
2. Adobe Commerce Security Bypass Vulnerability (CVE-2025-43585):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
3. Adobe Acrobat and Reader Use After Free Vulnerability (CVE-2025-43573):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Sample of the affected products:
- Adobe Commerce.
- Adobe Acrobat Reader DC (Continuous Track).
- Adobe Experience Manager (On-premise versions including 6.5.22 and earlier).
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.