Adobe — Vulnerabilities & Security Advisories 4340

Browse all 4340 CVE security advisories affecting Adobe. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Adobe Systems Incorporated primarily develops multimedia and creativity software, most notably the PDF format and the Creative Cloud suite. With a vast attack surface encompassing 4,289 recorded CVEs, the company has historically faced significant security challenges. Common vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from complex legacy codebases and third-party integrations. Notable incidents include critical RCE vulnerabilities in Acrobat Reader and Flash Player, which were frequently exploited by state-sponsored actors and criminal syndicates. The discontinuation of Flash Player marked a pivotal shift, yet the persistence of high-severity bugs in PDF parsing and document processing engines continues to pose risks. Adobe’s extensive market share makes it a high-value target, necessitating rigorous patch management and secure coding practices to mitigate the ongoing threat landscape associated with its widely deployed enterprise and consumer applications.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-64872	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	4.8	Medium	2025-12-10
CVE-2025-64562	Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-12-10
CVE-2025-61797	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-10-14
CVE-2025-54272	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-10-14
CVE-2025-61796	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-10-14
CVE-2025-54250	Adobe Experience Manager \| Improper Input Validation (CWE-20) — Adobe Experience ManagerCWE-20	4.9	Medium	2025-09-09
CVE-2025-54247	Adobe Experience Manager \| Improper Input Validation (CWE-20) — Adobe Experience ManagerCWE-20	6.5	Medium	2025-09-09
CVE-2025-54246	Adobe Experience Manager \| Incorrect Authorization (CWE-863) — Adobe Experience ManagerCWE-863	6.5	Medium	2025-09-09
CVE-2025-54248	Adobe Experience Manager \| Improper Input Validation (CWE-20) — Adobe Experience ManagerCWE-20	7.7	High	2025-09-09
CVE-2025-54252	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-09-09
CVE-2025-54251	Adobe Experience Manager \| XML Injection (aka Blind XPath Injection) (CWE-91) — Adobe Experience ManagerCWE-91	4.3	Medium	2025-09-09
CVE-2025-54249	Adobe Experience Manager \| Server-Side Request Forgery (SSRF) (CWE-918) — Adobe Experience ManagerCWE-918	6.5	Medium	2025-09-09
CVE-2025-47054	Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-08-20
CVE-2025-46849	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-08-20
CVE-2025-46852	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-08-20
CVE-2025-46856	Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-08-20
CVE-2025-46932	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-08-20
CVE-2025-46936	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-08-20
CVE-2025-46962	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-08-20
CVE-2025-46998	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-08-20
CVE-2025-54253	Adobe Experience Manager \| Incorrect Authorization (CWE-863) — Adobe Experience ManagerCWE-863	10.0	Critical	2025-08-05
CVE-2025-54254	Adobe Experience Manager \| Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) — Adobe Experience ManagerCWE-611	8.6	High	2025-08-05
CVE-2025-46958	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-08-05
CVE-2025-47001	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-07-30
CVE-2025-46993	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-07-24
CVE-2025-46996	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-07-24
CVE-2025-47061	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-07-24
CVE-2025-47053	Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-07-16
CVE-2025-46959	Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-07-16
CVE-2025-49547	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience ManagerCWE-79	5.4	Medium	2025-07-08

This page lists every published CVE security advisory associated with Adobe. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Adobe — Vulnerabilities & Security Advisories 4340