Summary
Adobe has released security updates to address vulnerabilities, including 29 with a “high” severity, in the products Acrobat Reader, Substance 3D Sampler, Substance 3D Painter, Substance 3D Modeler, Substance 3D Designer, Illustrator, InDesign.
Risk
Vulnerability community impact estimate: Medium (63.84)
Type
- Arbitrary Code Execution
- Security Feature Bypass
Affected products and/or versions
- Acrobat Reader
- Illustrator 2024
- Illustrator 2025
- InDesign
- Substance 3D Designer
- Substance 3D Modeler
- Substance 3D Painter
- Substance 3D Sampler
Mitigation Actions
In line with vendor statements, it is recommended to update vulnerable products following the indications of the security bulletins available at the links in the References section.
Below are only the CVEs related to the vulnerabilities with a “high” severity:
https://helpx.adobe.com/security/products/acrobat/apsb25-14.html
https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html
https://helpx.adobe.com/security/products/illustrator/apsb25-17.html
https://helpx.adobe.com/security/products/substance3d_painter/apsb25-18.html
https://helpx.adobe.com/security/products/indesign/apsb25-19.html
https://helpx.adobe.com/security/products/substance3d-modeler/apsb25-21.html
https://helpx.adobe.com/security/products/substance3d_designer/apsb25-22.html
https://helpx.adobe.com/security/Home.html
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.