What critical vulnerabilities were fixed in Adobe ColdFusion?

Critical vulnerabilities fixed in Adobe ColdFusion include: CVE-2025-24446 (CVSS 9.1) - Improper Input Validation, CVE-2025-24447 (CVSS 9.1) - Deserialization of Untrusted Data, CVE-2025-30281 (CVSS 9.1) - Improper Access Control, CVE-2025-30282 (CVSS 9.1) - Improper Authentication, CVE-2025-30284/30285 (CVSS 8.0) - Deserialization of Untrusted Data, CVE-2025-30286 (CVSS 8.0) - OS Command Injection, CVE-2025-30287 (CVSS 8.1) - Improper Authentication, CVE-2025-30288 (CVSS 7.8) - Improper Access Control, CVE-2025-30289 (CVSS 7.5) - OS Command Injection, and CVE-2025-30290 (CVSS 8.7) - Path Traversal.

Which versions of Adobe ColdFusion are affected by these vulnerabilities?

The affected versions of Adobe ColdFusion are: ColdFusion 2025 (Build 331385), ColdFusion 2023 (Update 12 and earlier versions), and ColdFusion 2021 (Update 18 and earlier versions).

What critical vulnerabilities were fixed in Adobe After Effects?

Adobe After Effects had two critical vulnerabilities fixed: CVE-2025-27182 (CVSS 7.8) - Out-of-bounds Write vulnerability and CVE-2025-27183 (CVSS 7.8) - Out-of-bounds Write vulnerability. Both could lead to arbitrary code execution.

Which versions of Adobe After Effects are affected?

The affected versions of Adobe After Effects are: After Effects 24.6.4 and earlier versions, and After Effects 25.1 and earlier versions.

What critical vulnerabilities were fixed in Adobe Media Encoder?

Adobe Media Encoder had two critical vulnerabilities fixed: CVE-2025-27194 (CVSS 7.8) - Out-of-bounds Write vulnerability and CVE-2025-27195 (CVSS 7.8) - Heap-based Buffer Overflow vulnerability. Both could lead to arbitrary code execution.

Which versions of Adobe Media Encoder are affected?

The affected versions of Adobe Media Encoder are: Media Encoder 24.6.4 and earlier versions, and Media Encoder 25.1 and earlier versions.

What critical vulnerability was fixed in Adobe Bridge?

Adobe Bridge had one critical vulnerability fixed: CVE-2025-27193 (CVSS 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.

Which versions of Adobe Bridge are affected?

The affected versions of Adobe Bridge are: Bridge 14.1.5 and earlier versions, and Bridge 15.0.2 and earlier versions.

What critical vulnerability was fixed in Adobe Premiere Pro?

Adobe Premiere Pro had one critical vulnerability fixed: CVE-2025-27196 (CVSS 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.

Which versions of Adobe Premiere Pro are affected?

The affected versions of Adobe Premiere Pro are: Premiere Pro 25.1 and earlier versions, and Premiere Pro 24.6.4 and earlier versions.

What critical vulnerability was fixed in Adobe Photoshop?

Adobe Photoshop had one critical vulnerability fixed: CVE-2025-27198 (CVSS 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.

Which versions of Adobe Photoshop are affected?

The affected versions of Adobe Photoshop are: Photoshop 2025 26.4.1 and earlier versions, and Photoshop 2024 25.12.1 and earlier versions.

What critical vulnerabilities were fixed in Adobe Animate?

Adobe Animate had two critical vulnerabilities fixed: CVE-2025-27199 (CVSS 7.8) - Heap-based Buffer Overflow vulnerability and CVE-2025-27200 (CVSS 7.8) - Use After Free vulnerability. Both could lead to arbitrary code execution.

Which versions of Adobe Animate are affected?

The affected versions of Adobe Animate are: Animate 2023 23.0.10 and earlier versions, and Animate 2024 24.0.7 and earlier versions.

What critical vulnerabilities were fixed in Adobe FrameMaker?

Adobe FrameMaker had six critical vulnerabilities fixed: CVE-2025-30304 (CVSS 7.8) - Out-of-bounds Write, CVE-2025-30295 (CVSS 7.8) - Heap-based Buffer Overflow, CVE-2025-30296 (CVSS 7.8) - Integer Underflow, CVE-2025-30297 (CVSS 7.8) - Out-of-bounds Write, CVE-2025-30298 (CVSS 7.8) - Stack-based Buffer Overflow, and CVE-2025-30299 (CVSS 7.8) - Heap-based Buffer Overflow. All could lead to arbitrary code execution.

Which versions of Adobe FrameMaker are affected?

The affected versions of Adobe FrameMaker are: FrameMaker 2020 Release Update 7 and earlier, and FrameMaker 2022 Release Update 5 and earlier.

What is the priority rating for the Adobe ColdFusion security updates?

The Adobe ColdFusion security updates have been assigned a Priority 1 rating, which is the highest level of importance.

What types of security risks are addressed in the April 2025 Adobe updates?

The April 2025 Adobe security updates address multiple types of security risks including arbitrary code execution, arbitrary file system read, memory leaks, and security feature bypasses. The vulnerabilities include improper input validation, deserialization of untrusted data, improper access control, improper authentication, OS command injection, path traversal, out-of-bounds write, heap-based buffer overflow, integer underflow, stack-based buffer overflow, and use-after-free vulnerabilities.

Advisory

Adobe releases April 2025 patches for multiple products

published: April 9, 2025

Take action: This month the highest priority is Adobe ColdFusion, which has a bunch of critical flaws. Then FrameMaker, and then all the rest.

Learn More

Adobe has released a significant security update on April 8, 2025, addressing 30 vulnerabilities across multiple products. This update includes patches for critical and important security flaws that could potentially lead to arbitrary code execution, arbitrary file system read, memory leaks, and security feature bypasses.

Adobe ColdFusion - Adobe has released security updates for ColdFusion versions 2025, 2023, and 2021, addressing multiple critical and important vulnerabilities. These updates have been assigned a Priority 1 rating, the highest level of importance.

Critical flaws

CVE-2025-24446 (CVSS score 9.1) - Improper Input Validation vulnerability that could lead to arbitrary file system read.
CVE-2025-24447 (CVSS score 9.1) - Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution.
CVE-2025-30281 (CVSS score 9.1) - Improper Access Control vulnerability that could lead to arbitrary file system read.
CVE-2025-30282 (CVSS score 9.1) - Improper Authentication vulnerability that could lead to arbitrary code execution.
CVE-2025-30284 (CVSS score 8.0) - Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution.
CVE-2025-30285 (CVSS score 8.0) - Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution.
CVE-2025-30286 (CVSS score 8.0) - OS Command Injection vulnerability that could lead to arbitrary code execution.
CVE-2025-30287 (CVSS score 8.1) - Improper Authentication vulnerability that could lead to arbitrary code execution.
CVE-2025-30288 (CVSS score 7.8) - Improper Access Control vulnerability that could lead to security feature bypass.
CVE-2025-30289 (CVSS score 7.5) - OS Command Injection vulnerability that could lead to arbitrary code execution.
CVE-2025-30290 (CVSS score 8.7) - Path Traversal vulnerability that could lead to security feature bypass.

Affected Versions:

ColdFusion 2025 (Build 331385)
ColdFusion 2023 (Update 12 and earlier versions)
ColdFusion 2021 (Update 18 and earlier versions)

Adobe After Effects

Critical vulnerabilities

CVE-2025-27182 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
CVE-2025-27183 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.

Affected Versions:

After Effects 24.6.4 and earlier versions
After Effects 25.1 and earlier versions

Adobe Media Encoder

Critical vulnerabilities:

CVE-2025-27194 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
CVE-2025-27195 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.

Affected Versions:

Media Encoder 24.6.4 and earlier versions
Media Encoder 25.1 and earlier versions

Adobe Bridge

CVE-2025-27193 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.

Affected Versions:

Bridge 14.1.5 and earlier versions
Bridge 15.0.2 and earlier versions

Adobe Premiere Pro

CVE-2025-27196 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.

Affected Versions:

Premiere Pro 25.1 and earlier versions
Premiere Pro 24.6.4 and earlier versions

Adobe Photoshop

CVE-2025-27198 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.

Affected Versions:

Photoshop 2025 26.4.1 and earlier versions
Photoshop 2024 25.12.1 and earlier versions

Adobe Animate

Critical vulnerabilities

CVE-2025-27199 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.
CVE-2025-27200 (CVSS score 7.8) - Use After Free vulnerability that could lead to arbitrary code execution.

Affected Versions:

Animate 2023 23.0.10 and earlier versions
Animate 2024 24.0.7 and earlier versions

Adobe FrameMaker

Critical vulnerabilities

CVE-2025-30304 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
CVE-2025-30295 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.
CVE-2025-30296 (CVSS score 7.8) - Integer Underflow vulnerability that could lead to arbitrary code execution.
CVE-2025-30297 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
CVE-2025-30298 (CVSS score 7.8) - Stack-based Buffer Overflow vulnerability that could lead to arbitrary code execution.
CVE-2025-30299 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.

Affected Versions:

FrameMaker 2020 Release Update 7 and earlier
FrameMaker 2022 Release Update 5 and earlier

Adobe has confirmed that it is not aware of any exploits in the wild for any of the issues addressed in these updates. However, users are strongly encouraged to update their software to the latest versions to mitigate potential security risks.

Adobe releases April 2025 patches for multiple products

Read More
Reprompt: The One-Click Attack Stealing Microsoft Copilot Data
Apple issues (second) emergency fix for vulnerabilities exploited …
Google Android March 2026 Security Bulletin Patches 129 …
Chrome 140 security update patches six vulnerabilities, one …
Samsung releases the August 2024 update for Galaxy …