Adobe has released urgent security updates for 13 Creative Cloud products, fixing more than 60 vulnerabilities, most of which were rated critical and could allow attackers to execute arbitrary code or take complete control of the system.
Adobe urged all Creative Cloud users to update their apps as soon as possible after discovering serious vulnerabilities discovered through the public bug bounty program on the HackerOne platform.
Most of the fixed bugs could allow hackers to execute arbitrary code, while others could crash applications or corrupt projects. In the worst case scenario, the vulnerabilities could allow malware to be installed, data stolen, or take complete control of a device.
The updates affected products such as Adobe Commerce and Magento Open Source, which closed bugs that could have allowed hackers to hack accounts, read confidential files, or crash online stores.
Full list:
Adobe Animate – critical code execution and memory leak.
Adobe Illustrator – three code execution vulnerabilities, one DoS.
Adobe Photoshop – one critical code execution vulnerability.
Adobe InDesign – 11 critical and three memory leaks.
Adobe InCopy – eight critical vulnerabilities.
Adobe Dimension – memory leak.
Adobe FrameMaker – four critical and one memory leak.
Adobe Substance 3D Viewer – two critical vulnerabilities.
Adobe Substance 3D Modeler – three critical and ten memory leaks.
Adobe Substance 3D Painter – one critical and eight memory leaks.
Adobe Substance 3D Stager – one critical and one memory leak.
Substance 3D Sampler – memory leak.
Magento and Adobe Commerce have been the targets of large-scale attacks before, with hackers breaching more than 4,200 online stores in 2024, including Ray-Ban, Cisco, and Whirlpool, using a critical vulnerability in their systems. Adobe’s latest updates follow critical patches for Acrobat Reader in July 2025.
The company insists that there is currently no evidence of active exploitation of the bugs found, but given the history of attacks on Magento, site owners are advised not to delay updating.
Adobe’s update is a precautionary step that could save thousands of users from potential attacks. It is important for business owners and creative professionals to install patches immediately to avoid data loss, downtime, or compromised accounts.
