Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. THREAT INTELLIGENCE: There are currently no reports of these vulnerabilities being exploited in the wild.
SYSTEMS AFFECTED:
  • Adobe Commerce 2.4.7-beta1
  • Adobe Commerce 2.4.7-p3 and earlier versions
  • Adobe Commerce 2.4.6-p8 and earlier versions
  • Adobe Commerce 2.4.5-p10 and earlier versions
  • Adobe Commerce 2.4.4-p11 and earlier versions
  • Adobe Commerce B2B 1.5.0  and earlier versions
  • Adobe Commerce B2B 1.4.2-p3 and earlier versions
  • Adobe Commerce B2B 1.3.5-p8 and earlier versions
  • Adobe Commerce B2B 1.3.4-p10 and earlier versions
  • Adobe Commerce B2B 1.3.3-p11 and earlier versions
  • Adobe Illustrator 2025 29.1 and earlier versions
  • Adobe Illustrator 2024 28.7.3 and earlier versions
  • Adobe InCopy 20.0 and earlier versions
  • Adobe InCopy 19.5.1 and earlier versions
  • Adobe InDesign ID20.0 and earlier versions
  • Adobe InDesign ID19.5.1 and earlier version
  • Adobe Photoshop Elements 2025.0