Adobe’s latest round of Patch Tuesday updates addresses 29 vulnerabilities across the company’s InDesign, InCopy, Photoshop, Illustrator, Pass, Substance 3D Stager, and Format Plugins products.
Critical vulnerabilities that can be exploited for arbitrary code execution have been addressed in InDesign, InCopy, Photoshop, Illustrator, Substance 3D Stager, and Format Plugins. A critical security bypass issue has been resolved in Pass.
It’s worth noting that Adobe assigns a ‘critical’ severity to issues that, based on their CVSS score, have a ‘high’ severity rating.
Adobe says there is no evidence that the vulnerabilities patched this month have been exploited in the wild.
The company has assigned a priority rating of ‘3’ to all of the bugs, which indicates that malicious exploitation is not expected.
However, users were warned recently that a critical flaw in Adobe Commerce had been exploited to hack ecommerce websites.
In addition, CISA warned last month about the active exploitation of an Adobe Experience Manager Forms vulnerability.
Microsoft’s November 2025 Patch Tuesday updates fix more than 60 vulnerabilities, including a Windows kernel zero-day that has been exploited in the wild.
Related: Adobe Patches Critical Vulnerability in Connect Collaboration Suite
Related: Adobe Patches Critical ColdFusion and Commerce Vulnerabilities
Related: Adobe Patches Over 60 Vulnerabilities Across 13 Products
