"For September, Adobe released nine bulletins addressing 22 unique CVEs in Adobe Acrobat Reader, After Effects, Premiere Pro, Commerce, Substance 3D Viewer, Experience Manager, Dreamweaver, Adobe 3D Substance Modeler, and ColdFusion. Of these, the ColdFusion update is the only Priority 1 patch, although Adobe notes no exploitation has been detected. The patch for Commerce addresses a single, Critical-rated bug that is rated a priority 2. Again, no exploitation is noted."
"The patch for After Effects fixes three Important-rated bug fixes three Important-rated bugs. There's a single bug in Premiere Pro that could lead to code execution. The fix for Substance 3D Viewer addresses three separate code execution bugs. That's the same for the patch for Substance 3D Modeler. The fix for Experience Manager is the largest patch this month, with seven fixes. However, only one of these is rated Critical. The bug is Dreamweaver corrects a single Cross-Site Request Forgery (CSRF) bug."
September 2025 Adobe updates include nine bulletins addressing 22 CVEs in Acrobat Reader, After Effects, Premiere Pro, Commerce, Substance 3D Viewer, Experience Manager, Dreamweaver, 3D Substance Modeler, and ColdFusion. ColdFusion is the only Priority 1 patch and no exploitation has been detected. The Commerce patch fixes a Critical-rated bug (priority 2) with no reported exploitation. Acrobat receives one Critical and one Moderate fix. After Effects and the Substance 3D apps include multiple code-execution fixes. Experience Manager has seven fixes with one Critical issue. Dreamweaver corrects a CSRF bug. Most Adobe updates are deployment priority 3. Microsoft released 80 CVEs across Windows, Office, Edge (Chromium), Azure, Hyper-V, SQL Server, and Defender.
Read at Zero Day Initiative
Unable to calculate read time
Collection
[
|
...
]