Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

Jun 10, 2025Ravie LakshmananVulnerability / Cloud Security

Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM).

Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM Cloud Service Release 2025.5 and version 6.5.23.

“Successful exploitation of these vulnerabilities could result in arbitrary code execution, privilege escalation, and security feature bypass,” Adobe said in an advisory.

Almost all the 225 vulnerabilities have been classified as cross-site scripting (XSS) vulnerabilities, specifically a mix of stored XSS and DOM-based XSS, that could be exploited to achieve arbitrary code execution.

Adobe has credited security researchers Jim Green (green-jam), Akshay Sharma (anonymous_blackzero), and lpi for discovering and reporting the XSS flaws.

The most severe of the flaws patched by the company as part of this month’s update concerns a code execution flaw in Adobe Commerce and Magento Open Source.

The critical-rated vulnerability, CVE-2025-47110 (CVSS score: 9.1) is a reflected XSS vulnerability that could result in arbitrary code execution. Also addressed is an improper authorization flaw (CVE-2025-43585, CVSS score: 8.2) that could lead to a security feature bypass.

The following versions are impacted –

• Adobe Commerce (2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier, and 2.4.4-p13 and earlier)
• Adobe Commerce B2B (1.5.2 and earlier, 1.4.2-p5 and earlier, 1.3.5-p10 and earlier, 1.3.4-p12 and earlier, and 1.3.3-p13 and earlier)
• Magento Open Source (2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier)

Of the remaining updates, four relate to code execution flaws in Adobe InCopy (CVE-2025-30327, CVE-2025-47107, CVSS scores: 7.8) and Substance 3D Sampler (CVE-2025-43581, CVE-2025-43588, CVSS scores: 7.8).

While none of the bugs have been listed as publicly known or exploited in the wild, users are advised to update their instances to the latest version to safeguard against potential threats.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!