Adobe has recently released security updates addressing a total of 254 vulnerabilities across its software products, with a significant number of these flaws affecting the Experience Manager (AEM). Of the 254 vulnerabilities, 225 are found within AEM, impacting the AEM Cloud Service and all versions up to and including 6.5.22. The company has provided fixes in the AEM Cloud Service Release 2025.5 and version 6.5.23.
If exploited, these vulnerabilities could lead to arbitrary code execution, privilege escalation, and the ability to bypass security features, as noted in Adobe’s advisories. Notably, most of these vulnerabilities are classified as cross-site scripting (XSS) issues, including a combination of stored XSS and DOM-based XSS, which could allow attackers to execute arbitrary code.
Among the most critical flaws addressed is a code execution vulnerability in Adobe Commerce and Magento Open Source, identified as CVE-2025-47110, which has a CVSS score of 9.1. This reflected XSS vulnerability poses a serious risk of arbitrary code execution. Additionally, an improper authorization issue, CVE-2025-43585, which could result in a bypass of security features, was also addressed in this update.
The impacted versions of Adobe Commerce include:
- Adobe Commerce (2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier, and 2.4.4-p13 and earlier).
- Adobe Commerce B2B (1.5.2 and earlier, 1.4.2-p5 and earlier, among others).
- Magento Open Source (2.4.8, 2.4.7-p5 and earlier, and earlier versions).
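For triaging an inventory against the Adobe Commerce ranges listed above, here is an added example (not code from Adobe or from the original article). It covers only the Adobe Commerce entry, because the B2B and Magento Open Source entries are abbreviated in the list; the host names and sample versions are constructed, and a result of `above-listed-range` means only that the version sits above the ceiling quoted here, not that Adobe has confirmed it as fixed.

```python
import re

# Highest affected patch level per Adobe Commerce release line, taken from the
# list above (0 means the base release with no -pN suffix).
AFFECTED_COMMERCE = {
    (2, 4, 8): 0,
    (2, 4, 7): 5,
    (2, 4, 6): 10,
    (2, 4, 5): 12,
    (2, 4, 4): 13,
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text):
    """Split '2.4.7-p5' into ((2, 4, 7), 5); a bare '2.4.8' is patch level 0."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, micro, patch = match.groups()
    return (int(major), int(minor), int(micro)), int(patch or 0)


def classify(text):
    """Compare one version string with the listed affected ranges."""
    try:
        line, patch = parse_version(text)
    except ValueError:
        return "unparsed"          # e.g. beta builds: review by hand
    if line not in AFFECTED_COMMERCE:
        return "line-not-listed"   # no ceiling quoted above: check the advisory
    return "affected" if patch <= AFFECTED_COMMERCE[line] else "above-listed-range"


def triage(inventory):
    """Map each host in a {host: version} inventory to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "shop-eu": "2.4.7-p5",
    "shop-us": "2.4.7-p6",
    "shop-dev": "2.4.8-beta2",
    "shop-legacy": "2.4.3-p3",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```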
In addition to these major updates, other fixes address code execution vulnerabilities in Adobe InCopy and Substance 3D Sampler, which scored 7.8 on the CVSS scale.
Though no vulnerabilities have been publicly reported or exploited, users are strongly encouraged to update their systems to the latest versions to ensure protection against potential threats.