Attackers can exploit several security vulnerabilities in Adobe applications to compromise computers.

Several vulnerabilities in Commerce, InCopy, InDesign, Illustrator, Photoshop Elements, Substance 3D Designer and Substance 3D Stager endanger PCs. Adobe classifies many of the vulnerabilities as critical.

Security updates are available for download for macOS and Windows. There are currently no reports of ongoing attacks.

Malicious code execution

Online shops based on Commerce are vulnerable and attackers can, among other things, gain higher user rights (CVE-2025-24434 critical), bypass security functions (CVE-2025-24409 high) or execute malicious code (CVE-2025-24412 high). Adobe lists the versions that are protected against this in the according article.

InDesign is protected against various attacks in versions ID19.5.2 and ID20.1. In Illustrator 2024 28.7.4 and Illustrator 2025 29.2.1, the developers have closed three malicious code vulnerabilities.

Substance 3D Stager is protected in version 3.1.1. Substance 3D Designer is equipped in version 14.1. A malicious code gap (CVE-2025-21156 high) has also been closed in InCopy 19.5.2 and 20.1. Photoshop Elements is only vulnerable under macOS with ARM processors. Version 2025.1 [build: 20250124.PSE.f552973b, 20250124.PSE.5345f07d (Mac ARM)] provides a remedy here.