What security updates were released for Adobe Photoshop?

Adobe Photoshop 2024 and 2025 versions received fixes for two critical issues: CVE-2025-21127 (CVSS 7.3) addressing an Uncontrolled Search Path Element vulnerability, and CVE-2025-21122 (CVSS 7.8) fixing an Integer Underflow vulnerability. Both could lead to arbitrary code execution.

What vulnerabilities were fixed in Adobe Substance 3D Stager?

Adobe Substance 3D Stager versions 3.0.4 and earlier received fixes for multiple critical vulnerabilities: CVE-2025-21128 (Stack-based Buffer Overflow), CVE-2025-21129 (Heap-based Buffer Overflow), and CVE-2025-21130 through CVE-2025-21132 (multiple Out-of-bounds Write vulnerabilities). All have CVSS scores of 7.8.

What updates were provided for Adobe Substance 3D Designer?

Adobe Substance 3D Designer version 14.0 and earlier received fixes for four critical vulnerabilities: CVE-2025-21136 and CVE-2025-21138 (Out-of-bounds Write vulnerabilities), and CVE-2025-21137 and CVE-2025-21139 (Heap-based Buffer Overflow vulnerabilities). All have CVSS scores of 7.8.

Advisory

Adobe releases January 2025 patches for multiple products

Q: How can users access these Adobe security updates?

The updates are available through the Creative Cloud desktop app's update mechanism. For managed environments, IT administrators can deploy these updates through the Admin Console. All updates are categorized as Priority 3.

published: Jan. 15, 2025

Take action: If you are using Adobe Photoshop and Substance 3D suite - read the advisory. This patch cycle is not too big, and the updates are fairly easy to apply. So it's not terrible, just apply updates.

Learn More

Adobe has released security updates for multiple products in January 2025, addressing several vulnerabilities that could lead to arbitrary code execution. Here's a comprehensive breakdown of the updates:

Adobe Photoshop - Fixed two issues deemed critical for Photoshop 2024 and 2025 versions on Windows and macOS platforms.

CVE-2025-21127 (CVSS score 7.3) - An Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution
CVE-2025-21122 (CVSS score 7.8) - An Integer Underflow vulnerability that could lead to arbitrary code execution

Adobe Substance 3D Stager - A security update has been released for versions 3.0.4 and earlier, addressing multiple critical vulnerabilities:

CVE-2025-21128 (CVSS score 7.8) - Stack-based Buffer Overflow vulnerability
CVE-2025-21129 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability
CVE-2025-21130 through CVE-2025-21132 (CVSS score 7.8) - Multiple Out-of-bounds Write vulnerabilities

Adobe Illustrator for iPad - The update addresses vulnerabilities in version 3.0.7 and earlier:

CVE-2025-21133 (CVSS score 7.8) - Integer Underflow vulnerability
CVE-2025-21134 (CVSS score 7.8) - Integer Underflow vulnerability

Adobe Animate - An update has been released for both 2023 and 2024 versions:

CVE-2025-21135 (CVSS score 7.8) - Integer Underflow vulnerability

Adobe Substance 3D Designer - The update addresses multiple critical vulnerabilities in version 14.0 and earlier:

CVE-2025-21136 (CVSS score 7.8) - Out-of-bounds Write vulnerability
CVE-2025-21137 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability
CVE-2025-21138 (CVSS score 7.8) - Out-of-bounds Write vulnerability
CVE-2025-21139 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability

Adobe reports that they are not aware of any exploits in the wild for any of these vulnerabilities. All updates are categorized as Priority 3 and are available through the Creative Cloud desktop app's update mechanism. For managed environments, IT administrators can deploy these updates through the Admin Console.

Adobe releases January 2025 patches for multiple products

Read More
Google releases November 2025 Android patch, fixes critical …
Critical VMware vulnerabilities enable Virtual Machine escape, host …
Paragon's Graphite Spyware targets European journalists through iPhone …
Pixel 6 modem critical exploit - Google advises …
North Korean hackers exploit flaw in Microsoft Edge …