In June 2025, Adobe released a major security update that addresses 254 vulnerabilities in its products, including critical XSS errors in AEM, Magento, and Adobe Commerce. Experts advise updating systems immediately.
On June 10, 2025, Adobe released a global security update that addresses 254 vulnerabilities in the following products:
Adobe confirmed that there is no evidence of these vulnerabilities being exploited in a real-world environment, but all users are advised to update immediately.
Most of the vulnerabilities were discovered thanks to the work of independent researchers: Jim Green (green-jam), Akshay Sharma (anonymous\_blackzero), and lpi, who analyzed the deep layers of AEM, discovering XSS that had long gone unnoticed. AEM, as part of Adobe’s cloud solutions, is widely used by large companies, which is why such a number of vulnerabilities are of serious concern to the cybersecurity industry. Magento and Adobe Commerce remain key platforms for e-commerce, and therefore their protection is extremely important. An XSS attack in such systems is not just a bug, but a direct risk of compromising accounts, customer data, and even payment information.
Adobe’s update is not just another patch, but a strategic step towards reducing the attack surface in large enterprises. Vulnerabilities of this magnitude, especially in AEM, demonstrate the need for regular code audits and timely response to expert recommendations. If you manage systems based on AEM or Magento, updating to the latest version should be priority #1.
