Patchday: Adobe closes critical vulnerabilities in multiple products

Dangerous vulnerabilities are present in Substance 3D Stager, Connect, Dimension, and Illustrator, among others. Current security fixes close them.

Oct 15, 2025 at 11:44 am CEST

2 min. read

Security

By

Olivia von Westernhagen

In a total of twelve security bulletins, Adobe has detailed current security vulnerabilities and available updates. Affected and now patched were Animate, Bridge, Connect, Commerce, Creative Cloud Desktop, Dimension, Experience Manager Screens, FrameMaker, Illustrator, and Substance 3D Modeler, Stager, and Viewer.

Depending on the product, the security flaws affect several versions for Windows, macOS, or all available platforms. According to the manufacturer, there is currently no known circulating exploit code or even attacks in the wild. Nevertheless, users should not postpone the updates, if they do not land automatically on their systems.

Videos by heise

Unauthorized Code Execution & Flawed Authentication

Substance 3D Stager received as many as five critical fixes, followed by Dimension with four severe vulnerabilities. However, "Critical" and "Important" ratings also appear in most of the other advisories. The only exception is Creative Cloud Desktop: here, only the macOS version is affected by a single vulnerability rated "Moderate".

As usual, the amount of information available in Adobe's advisories regarding vulnerability details is limited. However, it is noticeable that in many cases, arbitrary code execution is possible within the context of the programs. In some products, security and authentication mechanisms can also be bypassed. Adobe Connect, Commerce, and Experience Manager Screens each have multiple cross-site scripting vulnerabilities.

Further details on vulnerabilities and vulnerable versions, as well as links to available updates, can be found in the advisories: