Adobe vulnerabilities have once again taken center stage as the company rolls out security patches to fix more than 35 flaws across its products. The October 2025 update includes a critical fix for Adobe Connect, the company’s collaboration suite, alongside several high-severity patches for other creative and enterprise applications.
One of the most serious Adobe vulnerabilities, tracked as CVE-2025-49553 with a CVSS score of 9.3, affects Adobe Connect and could allow attackers to execute arbitrary code through a cross-site scripting (XSS) flaw. The fix is available in version 12.10 for both Windows and macOS. This release also addresses two other significant bugs, including another XSS vulnerability that could enable code execution on vulnerable systems.
Adobe has also resolved a separate high-severity XSS flaw in its Commerce and Magento Open Source platforms. This issue could allow privilege escalation, giving attackers more control over affected environments. The update further includes a fix for a security bypass and three medium-severity issues that could enable code execution, privilege escalation, or protection bypass.
In addition to these fixes, Adobe patched vulnerabilities across several design and creative tools. Security updates have been issued for Substance 3D Stager, Dimension, Illustrator, FrameMaker, Substance 3D Modeler, Substance 3D Viewer, Animate, and Bridge. Each of these flaws carries a CVSS score of 7.8, classifying them as high-severity issues that could allow arbitrary code execution. Interestingly, Adobe lists many of these high-rated vulnerabilities as “critical” in its official advisories, underscoring their potential impact if left unpatched.
Updates for Adobe Experience Manager Screens, Animate, Substance 3D Viewer, Bridge, and the Creative Cloud Desktop Application also fix eight medium-severity vulnerabilities. While these are not as severe as the critical ones, they still pose risks such as data exposure or unauthorized actions within Adobe’s ecosystem.
Most of the patched Adobe vulnerabilities carry a priority rating of “3,” suggesting the company does not expect immediate exploitation in the wild. However, the Commerce and Magento Open Source update is marked as “2,” meaning there is a higher chance these systems could be targeted due to their history of being exploited in previous attacks.
Adobe confirmed it has not yet observed any of these vulnerabilities being actively used in real-world attacks, but urged users to install the latest patches without delay. The company emphasized that proactive updates are the most effective way to mitigate potential threats before they can be weaponized.
For more technical details and mitigation steps, users can review Adobe’s official Product Security Incident Response Team (PSIRT) page. Keeping systems updated remains critical, especially as Adobe software, which is widely used across industries, continues to be an attractive target for cybercriminals.