The Indian Computer Emergency Response Team (CERT-In) has issued a medium-severity cybersecurity alert (CIVN-2025-0137) on July 1, 2025, warning users about multiple vulnerabilities across several widely used Adobe products. These flaws could pose serious risks to individual users and organizations relying on Adobe tools for content creation, document management, and e-commerce.
CERT-In Warns of Critical Vulnerabilities in Multiple Adobe Products
The vulnerabilities affect a broad range of Adobe applications and versions, including Adobe InCopy (up to 20.3 and 19.5.4), Experience Manager (up to 6.5.23), Commerce and B2B versions before 2.4.8, Magento Open Source before 2.4.8, InDesign (up to ID20.3), Acrobat and Reader (for both Windows and Mac prior to specific builds), and Substance 3D products like Sampler and Painter. The issues mostly stem from memory corruption, poor input validation, and improper handling of user data.
CERT-In warns that these vulnerabilities could allow attackers to bypass security measures, run arbitrary code, launch cross-site scripting attacks, escalate user privileges, access sensitive data, or disrupt services through denial-of-service (DoS) conditions.
Immediate Action Advised: CERT-In Shares Mitigation Steps for Adobe Vulnerabilities
System administrators, cybersecurity teams, and end-users are advised to act immediately. This alert is especially critical for organizations dependent on Adobe platforms for operations in publishing, e-commerce, and design.
To stay secure, CERT-In recommends applying the latest security patches from Adobe, monitoring systems for suspicious behaviour, avoiding untrusted files or links, and ensuring antivirus and endpoint protections are up to date. Organizations should also implement application allow listing to prevent unauthorized software execution. Taking prompt action will help reduce the chances of exploitation and protect systems against potential cyber threats.
Summary:
CERT-In has issued a cybersecurity alert warning of serious vulnerabilities in multiple Adobe products, including InDesign, Acrobat, and Magento. These flaws could allow attackers to execute code, steal data, or disrupt services. Users are urged to apply security patches, monitor systems, and follow best practices to prevent potential cyber threats.
