Adobe Releases Critical Security Patches for InDesign and Photoshop

Adobe has issued crucial security updates for several of its applications, including InDesign and Photoshop, addressing vulnerabilities that could be exploited by malicious attackers. As of now, there are no reported incidents of these vulnerabilities being actively exploited.

The May patch day has led to the release of updates for various Adobe products, including Animate, Bridge, ColdFusion, Connect, Dreamweaver, InDesign, Illustrator, Lightroom, Photoshop, and the Substance 3D suite. Users are strongly advised to ensure that their applications are updated to the latest versions to mitigate potential security risks.

The updates cover:

• Animate 2023 (version 23.0.12) for macOS and Windows
• Animate 2024 (version 24.0.9) for macOS and Windows
• Bridge 14.1.7 for macOS and Windows
• Bridge 15.0.4 for macOS and Windows
• ColdFusion 2021 (Update 20) across all platforms
• ColdFusion 2023 (Update 14) across all platforms
• ColdFusion 2025 (Update 2) across all platforms
• Connect 12.9 across all platforms
• Dreamweaver 21.5 for macOS and Windows
• InDesign (ID19.5.3) for macOS and Windows
• InDesign (ID20.3) for macOS and Windows
• Illustrator (version 28.7.6) for macOS and Windows
• Illustrator (version 29.4) for macOS and Windows
• Lightroom 8.3 across all platforms
• Photoshop (version 25.12.3) for macOS and Windows
• Photoshop (version 26.6) for macOS and Windows
• Substance 3D Modeler (version 1.22.0) across all platforms
• Substance 3D Painter (version 11.0.1) across all platforms
• Substance 3D Stager (version 3.1.1) for macOS and Windows

Failure to apply these updates may expose users to denial-of-service attacks and malicious code injections. A critical vulnerability identified as CVE-2025-43567 in Connect allows attackers to gain elevated user privileges through unspecified means. Additionally, several vulnerabilities categorized as critical in ColdFusion, including CVE-2025-43559, could permit unauthorized access to files that should be restricted.

While there have been no reports of these vulnerabilities being exploited in the wild, system administrators are urged not to delay the installation of the necessary patches. For further details on the security advisories, Adobe has provided comprehensive information for each affected application.