Adobe’s August 2025 Patch Tuesday updates address more than 60 vulnerabilities across 3D design, content creation, publishing and other types of products.
The software giant has published 13 new advisories, including five that cover vulnerabilities in Substance 3D products such as Viewer, Modeler, Painter, Sampler, and Stager.
In each of them Adobe patched one or more critical (high severity based on CVSS score) code execution vulnerabilities, and in some of them multiple important (medium severity) memory leaks.
In Commerce and the Magento open source solution Adobe fixed four critical vulnerabilities that can be exploited for privilege escalation, denial of service (DoS), and arbitrary file system read, along with two security feature bypass issues.
In Animate, the company patched one critical arbitrary code execution vulnerability and a memory leak, while in Illustrator it addressed three code execution flaws and one DoS issue.
Adobe also fixed a critical code execution bug in Photoshop and one memory leak in Dimension. Several critical code execution flaws were also patched in FrameMaker.
InCopy and InDesign updates resolve a total of nearly 20 critical vulnerabilities that can be exploited for arbitrary code execution.
Adobe says it’s not aware of malicious attacks exploiting any of these vulnerabilities. In addition, while some of the flaws have been rated critical, they all have a priority rating of 2 or 3, which indicates that Adobe does not expect to see in-the-wild exploitation.
Microsoft’s Patch Tuesday updates for August 2025 address over 100 vulnerabilities, including several critical issues that can be exploited for remote code execution.
Related: Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC
Related: Aanchal Gupta Joins Adobe as Chief Security Officer
