Alert GCSA-25049 - Adobe Security Bulletin - Aprile 2025
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25049
Data: 09 Aprile 2025
Titolo: Adobe Security Bulletin - Aprile 2025
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato i seguenti aggiornamenti di sicurezza:
APSB25-15 : Security update available for Adobe ColdFusion
APSB25-23 : Security update available for Adobe After Effects
APSB25-24 : Security update available for Adobe Media Encoder
APSB25-25 : Security update available for Adobe Bridge
APSB25-26 : Security update available for Adobe Commerce
APSB25-27 : Security update available for Adobe Experience Manager Forms
APSB25-28 : Security update available for Adobe Premiere Pro
APSB25-30 : Security update available for Adobe Photoshop
APSB25-31 : Security update available for Adobe Animate
APSB25-32 : Security update available for Adobe Experience Manager Screens
APSB25-33 : Security update available for Adobe FrameMaker
APSB25-34 : Security update available for Adobe XMP Toolkit SDK
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
ColdFusion 2025 Build 331385
ColdFusion 2023 Update 12 e versioni precedenti
ColdFusion 2021 Update 18 e versioni precedenti
Adobe After Effects 24.6.4 e versioni precedenti
Adobe After Effects 25.1 e versioni precedenti
Adobe Media Encoder 24.6.4 e versioni precedenti
Adobe Media Encoder 25.1 e versioni precedenti
Adobe Bridge 14.1.5 e versioni precedenti
Adobe Bridge 15.0.2 e versioni precedenti
Adobe Commerce 2.4.8-beta2
Adobe Commerce 2.4.7-p4 e versioni precedenti
Adobe Commerce 2.4.6-p9 e versioni precedenti
Adobe Commerce 2.4.5-p11 e versioni precedenti
Adobe Commerce 2.4.4-p12 e versioni precedenti
Adobe Commerce B2B 1.5.1 e versioni precedenti
Adobe Commerce B2B 1.4.2-p4 e versioni precedenti
Adobe Commerce B2B 1.3.5-p9 e versioni precedenti
Adobe Commerce B2B 1.3.4-p11 e versioni precedenti
Adobe Commerce B2B 1.3.3-p12 e versioni precedenti
Magento Open Source 2.4.8-beta
Magento Open Source 2.4.7-p4 e versioni precedenti
Magento Open Source 2.4.6-p9 e versioni precedenti
Magento Open Source 2.4.5-p11 e versioni precedenti
Magento Open Source 2.4.4-p12 e versioni precedenti
Adobe Experience Manager (AEM) Forms on JEE 6.5.22.0 (AEMForms-6.5.0-0093) e versioni precedenti
Adobe Premiere Pro 25.1 e versioni precedenti
Adobe Premiere Pro 24.6.4 e versioni precedenti
Photoshop 2025 26.4.1 e versioni precedenti
Photoshop 2024 25.12.1 e versioni precedenti
Adobe Animate 2023 23.0.10 e versioni precedenti
Adobe Animate 2024 24.0.7 e versioni precedenti
Adobe Experience Manager (AEM) Screens AEM 6.5 Screens FP11.3 e versioni precedenti
Adobe FrameMaker 2020 Release Update 7 e versioni precedenti
Adobe FrameMaker 2022 Release Update 5 e versioni precedenti
Adobe XMP-Toolkit-SDK 2023.12 e versioni precedenti
:: Impatto
Remote Code Execution
Information Disclosure
Denial of Service
Elevation of Privilege
Security Restriction Bypass
:: Soluzioni
Aggiornare i software all'ultima versione:
ColdFusion 2025 Update 1
ColdFusion 2023 Update 13
ColdFusion 2021 Update 19
Adobe After Effects 24.6.5
Adobe After Effects 25.2
Adobe Media Encoder 24.6.5
Adobe Media Encoder 25.2
Adobe Bridge 14.1.6
Adobe Bridge 15.0.3
Adobe Commerce 2.4.8
Adobe Commerce 2.4.7-p5
Adobe Commerce 2.4.6-p10
Adobe Commerce 2.4.5-p12
Adobe Commerce 2.4.4-p13
Adobe Commerce B2B 1.5.2
Adobe Commerce B2B 1.4.2-p5
Adobe Commerce B2B 1.3.5-p10
Adobe Commerce B2B 1.3.4-p12
Adobe Commerce B2B 1.3.3-p13
Magento Open Source 2.4.8
Magento Open Source 2.4.7-p5
Magento Open Source 2.4.6-p10
Magento Open Source 2.4.5-p12
Magento Open Source 2.4.4-p13
Adobe Experience Manager (AEM) Forms on JEE 6.5.22.0 (AEMForms-6.5.0-0095)
Adobe Premiere Pro 25.2
Adobe Premiere Pro 24.6.5
Photoshop 2025 26.5
Photoshop 2024 25.12.2
Adobe Animate 2023 23.0.11
Adobe Animate 2024 24.0.8
Adobe Experience Manager (AEM) Screens
AEM 6.5 Screens FP11.4
Adobe FrameMaker 2020 Update 8
Adobe FrameMaker 2022 Update 6
Adobe XMP-Toolkit-SDK 2025.03
:: Riferimenti
Adobe Security Bulletins e Advisories:
https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html
https://helpx.adobe.com/security/products/after_effects/apsb25-23.html
https://helpx.adobe.com/security/products/media-encoder/apsb25-24.html
https://helpx.adobe.com/security/products/bridge/apsb25-25.html
https://helpx.adobe.com/security/products/magento/apsb25-26.html
https://helpx.adobe.com/security/products/aem-forms/apsb25-27.html
https://helpx.adobe.com/security/products/premiere_pro/apsb25-28.html
https://helpx.adobe.com/security/products/photoshop/apsb25-30.html
https://helpx.adobe.com/security/products/animate/apsb25-31.html
https://helpx.adobe.com/security/products/aem-screens/apsb25-32.html
https://helpx.adobe.com/security/products/framemaker/apsb25-33.html
https://helpx.adobe.com/security/products/xmpcore/apsb25-34.html
Mitre CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30293
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30309
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ/YleA0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBC03IAoIRhO4gGhBQowvZpW0SvJyQjOZ6sAJ4q6XtL1gp7
0/5sBlWBBFsfK5enqg==
=PAFn
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25049
Data: 09 Aprile 2025
Titolo: Adobe Security Bulletin - Aprile 2025
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato i seguenti aggiornamenti di sicurezza:
APSB25-15 : Security update available for Adobe ColdFusion
APSB25-23 : Security update available for Adobe After Effects
APSB25-24 : Security update available for Adobe Media Encoder
APSB25-25 : Security update available for Adobe Bridge
APSB25-26 : Security update available for Adobe Commerce
APSB25-27 : Security update available for Adobe Experience Manager Forms
APSB25-28 : Security update available for Adobe Premiere Pro
APSB25-30 : Security update available for Adobe Photoshop
APSB25-31 : Security update available for Adobe Animate
APSB25-32 : Security update available for Adobe Experience Manager Screens
APSB25-33 : Security update available for Adobe FrameMaker
APSB25-34 : Security update available for Adobe XMP Toolkit SDK
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
ColdFusion 2025 Build 331385
ColdFusion 2023 Update 12 e versioni precedenti
ColdFusion 2021 Update 18 e versioni precedenti
Adobe After Effects 24.6.4 e versioni precedenti
Adobe After Effects 25.1 e versioni precedenti
Adobe Media Encoder 24.6.4 e versioni precedenti
Adobe Media Encoder 25.1 e versioni precedenti
Adobe Bridge 14.1.5 e versioni precedenti
Adobe Bridge 15.0.2 e versioni precedenti
Adobe Commerce 2.4.8-beta2
Adobe Commerce 2.4.7-p4 e versioni precedenti
Adobe Commerce 2.4.6-p9 e versioni precedenti
Adobe Commerce 2.4.5-p11 e versioni precedenti
Adobe Commerce 2.4.4-p12 e versioni precedenti
Adobe Commerce B2B 1.5.1 e versioni precedenti
Adobe Commerce B2B 1.4.2-p4 e versioni precedenti
Adobe Commerce B2B 1.3.5-p9 e versioni precedenti
Adobe Commerce B2B 1.3.4-p11 e versioni precedenti
Adobe Commerce B2B 1.3.3-p12 e versioni precedenti
Magento Open Source 2.4.8-beta
Magento Open Source 2.4.7-p4 e versioni precedenti
Magento Open Source 2.4.6-p9 e versioni precedenti
Magento Open Source 2.4.5-p11 e versioni precedenti
Magento Open Source 2.4.4-p12 e versioni precedenti
Adobe Experience Manager (AEM) Forms on JEE 6.5.22.0 (AEMForms-6.5.0-0093) e versioni precedenti
Adobe Premiere Pro 25.1 e versioni precedenti
Adobe Premiere Pro 24.6.4 e versioni precedenti
Photoshop 2025 26.4.1 e versioni precedenti
Photoshop 2024 25.12.1 e versioni precedenti
Adobe Animate 2023 23.0.10 e versioni precedenti
Adobe Animate 2024 24.0.7 e versioni precedenti
Adobe Experience Manager (AEM) Screens AEM 6.5 Screens FP11.3 e versioni precedenti
Adobe FrameMaker 2020 Release Update 7 e versioni precedenti
Adobe FrameMaker 2022 Release Update 5 e versioni precedenti
Adobe XMP-Toolkit-SDK 2023.12 e versioni precedenti
:: Impatto
Remote Code Execution
Information Disclosure
Denial of Service
Elevation of Privilege
Security Restriction Bypass
:: Soluzioni
Aggiornare i software all'ultima versione:
ColdFusion 2025 Update 1
ColdFusion 2023 Update 13
ColdFusion 2021 Update 19
Adobe After Effects 24.6.5
Adobe After Effects 25.2
Adobe Media Encoder 24.6.5
Adobe Media Encoder 25.2
Adobe Bridge 14.1.6
Adobe Bridge 15.0.3
Adobe Commerce 2.4.8
Adobe Commerce 2.4.7-p5
Adobe Commerce 2.4.6-p10
Adobe Commerce 2.4.5-p12
Adobe Commerce 2.4.4-p13
Adobe Commerce B2B 1.5.2
Adobe Commerce B2B 1.4.2-p5
Adobe Commerce B2B 1.3.5-p10
Adobe Commerce B2B 1.3.4-p12
Adobe Commerce B2B 1.3.3-p13
Magento Open Source 2.4.8
Magento Open Source 2.4.7-p5
Magento Open Source 2.4.6-p10
Magento Open Source 2.4.5-p12
Magento Open Source 2.4.4-p13
Adobe Experience Manager (AEM) Forms on JEE 6.5.22.0 (AEMForms-6.5.0-0095)
Adobe Premiere Pro 25.2
Adobe Premiere Pro 24.6.5
Photoshop 2025 26.5
Photoshop 2024 25.12.2
Adobe Animate 2023 23.0.11
Adobe Animate 2024 24.0.8
Adobe Experience Manager (AEM) Screens
AEM 6.5 Screens FP11.4
Adobe FrameMaker 2020 Update 8
Adobe FrameMaker 2022 Update 6
Adobe XMP-Toolkit-SDK 2025.03
:: Riferimenti
Adobe Security Bulletins e Advisories:
https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html
https://helpx.adobe.com/security/products/after_effects/apsb25-23.html
https://helpx.adobe.com/security/products/media-encoder/apsb25-24.html
https://helpx.adobe.com/security/products/bridge/apsb25-25.html
https://helpx.adobe.com/security/products/magento/apsb25-26.html
https://helpx.adobe.com/security/products/aem-forms/apsb25-27.html
https://helpx.adobe.com/security/products/premiere_pro/apsb25-28.html
https://helpx.adobe.com/security/products/photoshop/apsb25-30.html
https://helpx.adobe.com/security/products/animate/apsb25-31.html
https://helpx.adobe.com/security/products/aem-screens/apsb25-32.html
https://helpx.adobe.com/security/products/framemaker/apsb25-33.html
https://helpx.adobe.com/security/products/xmpcore/apsb25-34.html
Mitre CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30293
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30309
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ/YleA0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBC03IAoIRhO4gGhBQowvZpW0SvJyQjOZ6sAJ4q6XtL1gp7
0/5sBlWBBFsfK5enqg==
=PAFn
-----END PGP SIGNATURE-----