Adobe Patches Critical Code Execution Bugs

Adobe patches were also released for medium-severity flaws in After Effects, Audition, Dimension, Experience Manager Screens, FrameMaker, Illustrator, Substance 3D Stager, and Substance 3D Viewer.

Adobe on Tuesday announced the rollout of security fixes for 58 vulnerabilities across 13 products, including three critical-severity flaws in Adobe Connect, ColdFusion, and Experience Manager Forms (AEM Forms) on JEE.

The most severe of these bugs is CVE-2025-49533 (CVSS score of 9.8), a deserialization of untrusted data issue in AEM Forms on JEE that could lead to arbitrary code execution.

Although it says it is not aware of any exploits in the wild targeting the security defect, Adobe marked the patch as priority 1, urging users to update to AEM Forms on JEE version 6.5.0.0.20250527.0.

Also marked priority 1, the ColdFusion fixes resolve a total of 13 security defects, including CVE-2025-49535 (CVSS score of 9.3), an improper restriction of XML external entity reference (XXE) bug that could allow attackers to execute arbitrary code on vulnerable systems.

Adobe’s advisory marks four other flaws as critical, even though their CVSS scores place them in the high-severity category. Successful exploitation of these issues could lead to privilege escalation, security feature bypass, and arbitrary file system read, Adobe says.

Tracked as CVE-2025-27203 (CVSS score of 9.3), the critical-severity vulnerability resolved in Adobe Connect is described as a deserialization of untrusted data issue that could lead to arbitrary code execution.

On Tuesday, Adobe also warned of critical code execution defects in Dimension, FrameMaker, Illustrator, InDesign, InCopy, and Substance 3D Viewer. All these issues have a CVSS score of 7.8.

Patches were also released for medium-severity flaws in After Effects, Audition, Dimension, Experience Manager Screens, FrameMaker, Illustrator, Substance 3D Stager, and Substance 3D Viewer.

Adobe says it is not aware of public exploits for any of these vulnerabilities, but users are advised to update their applications as soon as possible, as hackers are known to have targeted Adobe vulnerabilities in attacks.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
