Adobe on Tuesday pushed Security updates To solve a total of 254 safety deficiencies that affect its software products, most of which affect the experience manager (AEM).
Of the 254 flaws of 225, they live in a UNA, affecting the AEM (CS) cloud service, as well as all versions of and including 6.5.22. The problems were solved in the release of AEM Cloud Service 2025.5 and version 6.5.23.
“Successful operation of these vulnerabilities can lead to arbitrary code, escalation of privileges and security function,” Adobe – Note In advisory.
Almost all 225 vulnerabilities were attributed to the script (XSS) vulnerabilities, in particular the preserved XSS and Doms XSS, which can be used to achieve an arbitrary code.
Adobe has enrolled Jim Green (Green Jam) security researchers, Anonymous_blackzero, and LPI for the detection and report on XSS deficiencies.
The most serious of the disadvantages recorded by the company as part of the update this month concerns the shortage of code in Adobe Commerce and Magento Open Source.
Critical vulnerability, CVE-2025-47110 (CVSS Assessment: 9.1) -y-reflected XSS vulnerability, which can lead to an arbitrary code execution. Also addressed to the wrong lack of authorization (CVE-2025-43585, CVSS assessment: 8.2), which can lead to the bypass function of security.
A The following versions exposed to –
- Adobe Commerce (2.4.8, 2.4.7-P5 and earlier, 2.4.6-P10 and earlier, 2.4.5-p12 and earlier, and 2.4.4-p13)
- Adobe Commerce B2B (1.5.2 and earlier, 1.4.2-P5 and earlier, 1.3.5-P10 and earlier, 1.3.4-p12 and earlier, and 1.3.3-p13)
- Magento with open source (2.4.8, 2.4.7-P5 and earlier, 2.4.6-P10 and earlier, 2.4.5-p12)
Of the rest of the updates four related to the downside of the code in Adobe incopy (Cve-2015-30327, Cve-2015-47107, CVSS points: 7.8) and A substance 3D -sempler (Cve-2015-43581, Cve-2015-43588, CVSS: 7.8).
While none of the mistakes has been listed as a well -known or exploited in the wild, users are advised to update their instances to the latest version to protect against potential threats.
