The Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology, has issued a high-severity cybersecurity advisory for several widely used Adobe products. The advisory highlights multiple vulnerabilities that could be exploited to execute arbitrary code, bypass security features, gain elevated privileges, or access sensitive data.
According to the official notification, the affected products include Adobe InCopy (versions up to 20.3 and 19.5.4), Adobe InDesign (up to ID20.3 and ID19.5.4), Adobe Experience Manager (up to 6.5.23 and AEM CS 2025.5), Adobe Commerce and Commerce B2B (before 2.4.8), Magento Open Source (before 2.4.8), Adobe Acrobat and Reader for Windows and macOS (prior to builds 25.001.20531 and 25.001.20529), Acrobat 2024 and 2020 (prior to 24.001.30254 and 20.005.30744), as well as Adobe Substance 3D Sampler (up to 5.0.3) and Substance 3D Painter (before 11.0.2).
CERT-In notes that these vulnerabilities stem from issues such as memory corruption, improper input validation, and insecure handling of user data. The risks include denial-of-service attacks, cross-site scripting (XSS), and unauthorized access, posing a significant threat to individuals and businesses that rely on Adobe’s tools for digital content, design, and e-commerce operations.
Users and organizations have been urged to apply the latest security patches released by Adobe and to implement robust patch management protocols. The advisory forms part of CERT-In’s continued efforts to strengthen India’s cybersecurity posture and protect critical software environments from emerging digital threats. Read more: link