Vulnerabilities

Adobe Patches Critical Vulnerability in Connect Collaboration Suite

Adobe has published a dozen security advisories detailing over 35 vulnerabilities across its product portfolio.

Adobe vulnerabilities

Adobe on Tuesday announced patches for over 35 vulnerabilities in its products, including a critical-severity bug in the Adobe Connect collaboration suite.

The critical flaw, tracked as CVE-2025-49553 (CVSS score of 9.3), is described as a cross-site scripting (XSS) issue that could be exploited to execute arbitrary code.

Fixes for the security defect were included in Adobe Connect version 12.10 which has been rolled out to Windows and macOS systems with patches for two other flaws, including a high-severity XSS bug leading to code execution.

The company patched another high-severity XSS issue in Commerce and Magento Open Source, warning it could lead to privilege escalation. The updates also resolve a high-severity security bypass, along with three medium-severity defects leading to code execution, privilege escalation, and protection bypass.

High-severity vulnerabilities that could lead to arbitrary code execution, all with a CVSS score of 7.8, were addressed with security updates for Substance 3D Stager, Dimension, Illustrator, FrameMaker, Substance 3D Modeler, Substance 3D Viewer, Animate, and Bridge.

Although these issues have CVSS scores that place them in the ‘high severity’ category, Adobe lists them in its advisories as ‘critical’.

Advertisement. Scroll to continue reading.

Adobe’s updates for Experience Manager Screens, Animate, Substance 3D Viewer, Bridge, and Creative Cloud Desktop Application resolve a total of eight medium-severity security holes.

Adobe lists most of these security updates with a priority rating of ‘3’, meaning that it does not expect the patched bugs to be targeted in attacks, but increases the priority rating of the Commerce and Magento Open Source update to ‘2’, as these are products that have historically been at elevated risk.

The company says it is not aware of any of these issues being exploited in the wild, but users should apply the available patches as soon as possible. Additional information can be found on Adobe’s PSIRT page.

Related: Adobe Patches Critical ColdFusion and Commerce Vulnerabilities

Related: Adobe Patches Over 60 Vulnerabilities Across 13 Products

Related: Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC

Related: Adobe Patches Critical Code Execution Bugs

Related Content

Artificial Intelligence

An attacker can create a malicious repository containing a git.exe in the project root, and Cursor executes it automatically.

Vulnerabilities

A critical security defect in the ServiceNow AI platform could allow remote attackers to execute arbitrary code.

Vulnerabilities

Public exploit code targeting the Firefox flaws exists, but no in-the-wild exploitation has been observed.

Vulnerabilities

The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.

Vulnerabilities

The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.

Artificial Intelligence

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

Vulnerabilities

The flaws could allow attackers to access and modify data, and cause system unavailability and request-response desynchronization.

Vulnerabilities

Unauthenticated attackers could obtain the broker's confidential OAuth client secret, allowing them to take control of the broker.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version