Adobe on Tuesday pushed security updates to address a total of 254 security flaws affecting their software products, most of which affect the manager (AEM).
Of the 254 flaws, 225 live in AEM, affecting AEM Cloud Services (CS) and also includes 6.5.22 before all versions. The issues have been resolved in AEM Cloud Service release 2025.5 and version 6.5.23.
Adobe said in an advisor, “Successful exploitation of these weaknesses can result in arbitrary code execution, privilege and safety facility bypass.”
Almost all 225 weaknesses are classified as cross-site scripting (XSS) weaknesses, a mixture of specifically stored XSS and DOM-based XSS, whose arbitrary code can be exploited to achieve execution.
Adobe has credited security researchers Jim Green (Green-Zem), Akshay Sharma (anam_baqzero), and LPI for the discovery and reporting of XSS defects.
As part of this month’s update, the most serious adobe of the defects picked by the company worries about a code execution defect in the commerce and the Magento Open Source.
Important-rated vulnerability, CVE-2025-47110 (CVSS Score: 9.1) is a reflected XSS vulnerability resulting in arbitrary code execution. It is also an improper authority addressed defect (CVE-2025-43585, CVSS Score: 8.2) that can cause a safety facility bypass.
The following versions are affected –
- Adobe Commerce (2.4.8, 2.4.7-P5 and previously, 2.4.6-p10 and earlier, 2.4.5-p12 and before, and before, and 2.4.4-p13 and before)
- Adobe Commerce B2B (1.5.2 and earlier, 1.4.2-P5 and first, 1.3.5-p10 and first, 1.3.4-p12 and before, and 1.3.3-p13 and before)
- Magento Open Source (2.4.8, 2.4.7-P5 and first, 2.4.6-P10 and first, 2.4.5-p12 and earlier)
Of the remaining updates, four adobe incopies (CVE-2025-30327, CVE-2025-47107, CVSS score: 7.8) and substances 3D sample (CVE-2025-43581, Cve-2025-43588, CVS score: 7.8) are related to codes.
While any bug is not publicly known or listed as exploitation in the wild, users are advised to update their examples to protect their examples from potential hazards in the latest version.
