Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Post author:Cyber Security Advisories - MS-ISAC
Post published:March 11, 2025

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

Adobe Acrobat and Reader is used to view, create, print, and manage PDF files on desktop and mobile.
Substance 3D Sampler is a 3D scanning software that uses AI to create 3D models and materials from real-world images.
Adobe Illustrator is a vector graphics editor and design program.
Substance 3D Painter is a 3D painting software that allows users to texture and add materials directly to 3D meshes in real-time.
Adobe InDesign is used to create and publish brochures, digital magazines, eBooks, posters, and presentations.
Substance 3D Modeler is a 3D modeling and sculpting application.
Substance 3D Designer is a 3D design software that is used to generate textures.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

Share my story Share this content

You Might Also Like

Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Share this content