Adobe Patches Critical Connect Flaw (CVE-2025-49553) and 35 More Across Creative Suite
Adobe has released a broad set of security updates addressing 36 vulnerabilities across products including Adobe Connect, Commerce, Illustrator, FrameMaker, and several Substance 3D tools. According to Adobe, 24 of these flaws are rated critical under the company’s internal severity classification. Among them is a Connect vulnerability (CVE-2025-49553) with a CVSS score of 9.3, making it the most severe of the issues disclosed.
CVE-2025-49553 (CVSS 9.3): Critical DOM-Based XSS in Adobe Connect
CVE-2025-49553 is the most severe issue disclosed in Adobe’s latest security advisories. This DOM-based cross-site scripting (XSS) vulnerability in Adobe Connect could be exploited by attackers to execute arbitrary code in the context of the user’s session, posing a serious risk for Remote Code Execution (RCE).
Affected Versions
- Adobe Connect 12.9 and earlier (Windows and macOS)
Fixed Version
- Adobe Connect 12.10 (Windows and macOS)
CVE-2025-49553 (SOCRadar Labs CVE Radar)
According to Adobe, this vulnerability is considered critical due to the potential impact and ease of exploitation, although it has not yet been observed in active attacks.
CVE-2025-54263 (CVSS 8.8): Security Feature Bypass in Adobe Commerce & Magento Open Source
Another notable vulnerability addressed in this update is CVE-2025-54263, affecting Adobe Commerce and Magento Open Source. This issue stems from improper access control and could allow attackers to bypass security features, potentially leading to serious compromise.
Adobe classifies this flaw as critical, and while it’s not known to be exploited in the wild, patching is strongly advised.
Where Else Did Adobe Apply Critical Fixes?
Adobe also addressed many high-severity vulnerabilities across its broader software lineup. Most of these received a CVSS score of 7.8 and are categorized by Adobe as critical, due to their potential for serious exploitation.
While most updates carry a priority rating of “3,” Adobe has raised the priority level for Adobe Commerce and Magento Open Source to “2.” These platforms face a higher risk based on historical exploit patterns, making timely patching more important.
Other affected applications include:
- Substance 3D Stager
- Illustrator
- FrameMaker
- Bridge
- Dimension
- Animate
- Creative Cloud Desktop App
These flaws involve risks such as code execution, privilege escalation, and security feature bypass, warranting immediate administrative attention.
What Should You Do?
Adobe Connect users, in particular, should ensure they are running version 12.10 or later. Similarly, users of Commerce, Illustrator, and other creative applications should check the October advisories and apply updates accordingly.
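One practical way to act on the Connect advice above is to sweep your own inventory for installs still below 12.10. The script below is an added example, not SOCRadar’s or Adobe’s code; the hostnames are constructed, and the helper names are hypothetical. It exists mainly to show a pitfall specific to this exact pair of versions: comparing version strings lexically ranks “12.9” above “12.10”, so a naive check would report patched servers as vulnerable and vice versa.

```python
"""Flag Adobe Connect installs still exposed to CVE-2025-49553 (added example).

Affected/fixed versions come from the advisory summary on this page:
12.9 and earlier are affected, 12.10 is the fixed release.
"""
from typing import List, Tuple

# Fixed release per the advisory summary above (not fetched from Adobe).
CONNECT_FIXED_VERSION = "12.10"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '12.9' or '12.10.1' into an int tuple so 12.10 sorts above 12.9.

    Plain string comparison gets this wrong ('12.9' > '12.10' lexically),
    which is exactly the trap for this advisory's affected/fixed pair.
    """
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable(version: str, fixed: str = CONNECT_FIXED_VERSION) -> bool:
    """True when the installed Connect version is below the fixed release."""
    return parse_version(version) < parse_version(fixed)


def report(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return hostnames whose Connect version still needs the 12.10 update."""
    return [host for host, ver in inventory if is_vulnerable(ver)]


# Constructed sample inventory: (hostname, reported Adobe Connect version).
SAMPLE_INVENTORY = [
    ("connect-prod.example.internal", "12.9"),     # affected
    ("connect-dr.example.internal", "12.10"),      # fixed
    ("connect-lab.example.internal", "12.8.2"),    # affected
    ("connect-new.example.internal", "12.10.1"),   # later than fixed
]

if __name__ == "__main__":
    for host in report(SAMPLE_INVENTORY):
        print(f"{host}: update to Adobe Connect {CONNECT_FIXED_VERSION} "
              f"or later (CVE-2025-49553)")
```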
For the latest Adobe product security updates, users can visit Adobe’s official security advisories page.
Keeping track of vulnerabilities across diverse software ecosystems can be overwhelming. SOCRadar’s Cyber Threat Intelligence (CTI) and Attack Surface Management (ASM) modules empower organizations to proactively monitor, assess, and respond to emerging threats, including vendor patch alerts like Adobe’s.
SOCRadar’s Vulnerability Intelligence
With real-time visibility and contextualized threat intelligence, SOCRadar helps security teams streamline vulnerability prioritization and reduce exposure across their digital footprint.
