Different applications from Adobe are vulnerable due to weaknesses. Security updates from Adobe to May Patchday close gaps in animates, bridge, cold fusion, connect, dreamweaver, InDesign, Illustrator, Lightroom, Photoshop, substance 3D modeler, substance 3D Painter and substance 3D stager.
Admins should ensure that the applications are up to date. The developers have prepared the following issues against possible attacks:
- ANIMATE 2023.0.12 MacOS, Windows
- Animate 2024 24.0.9 MacOS, Windows
- Bridge 14.1.7 MacOS, Windows
- Bridge 15.0.4 MacOS, Windows
- Coldfusion 2021 Update 20 All platforms
- Coldfuison 2023 Update 14 All platforms
- Coldfusion 2025 Update 2 All platforms
- Connect 12.9 All platforms
- Dreamweaver 21.5 MacOS, Windows
- InDesign ID19.5.3 MacOS, Windows
- InDesign ID20.3 MacOS, Windows
- Illustrator 28.7.6 MacOS, Windows
- Illustrator 29.4 MacOS, Windows
- Lightroom 8.3 All platforms
- Photoshop 25.12.3 MacOS, Windows
- Photoshop 26.6 MacOS, Windows
- Substance 3D Modeler 1.22.0 All platforms
- Substance 3D Painter 11.0.1 All platforms
- Substance 3D Stager 3.1.1 MacOS, Windows
Various attacks can be conceived
If you do not install the updates, you risk denial-of service and malice code attacks. About a “critical“Lücke (CVE-2025-43567) In Connect, attackers can get higher user rights in a way that has not been described in more detail.” Also “critical“Several weak points (such as CVE-2025-43559) apply in cold fusion. At these points, attackers can access files that are not actually accessible.
So far there are no reports that attackers already use the security gaps. Admins should not wait too long with the installation of the patches. Adobe lists further information in the following warning messages:
Discover more from Apple News
Subscribe to get the latest posts sent to your email.