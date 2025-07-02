The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued an alert highlighting critical vulnerabilities across several Adobe software products. The alert, tagged as CIVN-2025-0137, was released on 1 July and carries a medium severity rating. The identified vulnerabilities could enable cyber attackers to perform a range of malicious actions.(AP)

Adobe Products Affected

According to CERT-In, a wide array of Adobe’s creative, productivity, and e-commerce software is vulnerable. Affected versions include:

Adobe InCopy (up to versions 20.3 and 19.5.4)

Adobe Experience Manager (AEM) (up to 6.5.23 and CS 2025.5)

Adobe Commerce & Commerce B2B (versions before 2.4.8)

Magento Open Source (before 2.4.8)

Adobe InDesign (up to ID20.3 and ID19.5.4)

Adobe Substance 3D Sampler (up to 5.0.3)

Adobe Acrobat and Reader (Windows and Mac prior to builds 25.001.20531 and 25.001.20529)

Acrobat 2024 and 2020 (prior to 24.001.30254 and 20.005.30744)

Adobe Substance 3D Painter (before 11.0.2)

What’s at Risk?

The identified vulnerabilities could enable cyber attackers to perform a range of malicious actions. These include bypassing security restrictions, executing arbitrary code, conducting cross-site scripting (XSS) attacks, gaining elevated privileges, and even accessing sensitive user data. In certain cases, they may cause denial-of-service (DoS) disruptions.

These risks are primarily due to issues like memory corruption, improper input validation, and insecure handling of user data—making the vulnerabilities particularly dangerous in enterprise environments.

Who Should Be Concerned?

The advisory is directed at system administrators, IT security professionals, and end-users of Adobe’s affected software. Organisations that depend heavily on Adobe for creative production, document workflows, or online commerce should treat this alert as urgent.

Recommended Actions

CERT-In urges users and IT teams to take the following steps to protect their systems:

Install all latest security patches released by Adobe

Monitor network activity for unusual or unauthorised behaviour

Avoid opening suspicious files or clicking unfamiliar links

Keep antivirus and endpoint protection updated

Use application allowlisting to restrict unapproved software execution

Users can access updates and more detailed advisories through the Cyber Swachhta Kendra and Adobe’s official website.