Alert GCSA-25106 - Adobe Monthly Security Update - settembre 2025
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-25106
data: 10 settembre 2025
titolo: Adobe Monthly Security Update - settembre 2025
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato i seguenti aggiornamenti di sicurezza
con i quali risolve vulnerabilita' multiple, di cui 10- di livello "alto"
e 2 di livello "critico".
APSB25-85 : Security update available for Adobe Acrobat Reader
APSB25-86 : Security update available for Adobe After Effects
APSB25-87 : Security update available for Adobe Premiere Pro
APSB25-88 : Security update available for Adobe Commerce
APSB25-89 : Security update available for Adobe Substance 3D Viewer
APSB25-90 : Security update available for Adobe Experience Manager
APSB25-91 : Security update available for Adobe Dreamweaver
APSB25-92 : Security update available for Adobe Substance 3D Modeler
APSB25-93 : Security update available for Adobe ColdFusion
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Acrobat 2020, Classic 2020, Windows e macOS
Acrobat 2024, Classic 2024, Windows e macOS
Acrobat DC, Continuous, Windows e macOS
Acrobat Reader 2020, Classic 2020, Windows e macOS
Acrobat Reader DC, Continuous, Windows e macOS
Adobe Commerce 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 e versioni precedenti
Adobe Commerce B2B 1.5.3-alpha2, 1.5.2-p2, 1.4.2-p7, 1.3.5-p12, 1.3.4-p14, 1.3.3-p15 e versioni precedenti
Premiere Pro, 24.6.5 e versioni precedenti (per Windows e macOS)
Premiere Pro, 25.3 e versioni precedenti (per Windows e macOS)
Magento Open Source 2.4.9-alpha2, 2.4.8-p2 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 e versioni precedenti
Adobe Substance 3D Viewer 0.25.1 e versioni precedenti
Adobe Substance 3D Modeler 1.22.2 e versioni precedenti
ColdFusion 2021, Update 21 e versioni precedenti
ColdFusion 2023, Update 15 e versioni precedenti
ColdFusion 2025, Update 3 e versioni precedenti
Dreamweaver , 21.5 e versioni precedenti
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Rivelazione di informazioni (ID)
Bypass delle funzionalita' di sicurezza (SFB)
:: Soluzioni
Aggiornare i prodotti alle versioni piu' recenti
:: Riferimenti
Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security.html
https://helpx.adobe.com/security/products/acrobat/apsb25-85.html
https://helpx.adobe.com/security/products/after_effects/apsb25-86.html
https://helpx.adobe.com/security/products/premiere_pro/apsb25-87.html
https://helpx.adobe.com/security/products/magento/apsb25-88.html
https://helpx.adobe.com/security/products/substance3d-viewer/apsb25-89.html
https://helpx.adobe.com/security/products/experience-manager/apsb25-90.html
https://helpx.adobe.com/security/products/dreamweaver/apsb25-91.html
https://helpx.adobe.com/security/products/substance3d-modeler/apsb25-92.html
https://helpx.adobe.com/security/products/coldfusion/apsb25-93.html
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2025-083
CSIRT Italia
https://www.acn.gov.it/portale/w/adobe-aggiornamenti-di-sicurezza-7
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54261
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCaMFzBQAKCRDBnEyTZRJg
QgDLAJ985nq5JXn0er2IgrhYYyh/4Kl/lACeKYJ529sxUnHgv4o37bfOLHMBouo=
=FJAl
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-25106
data: 10 settembre 2025
titolo: Adobe Monthly Security Update - settembre 2025
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato i seguenti aggiornamenti di sicurezza
con i quali risolve vulnerabilita' multiple, di cui 10- di livello "alto"
e 2 di livello "critico".
APSB25-85 : Security update available for Adobe Acrobat Reader
APSB25-86 : Security update available for Adobe After Effects
APSB25-87 : Security update available for Adobe Premiere Pro
APSB25-88 : Security update available for Adobe Commerce
APSB25-89 : Security update available for Adobe Substance 3D Viewer
APSB25-90 : Security update available for Adobe Experience Manager
APSB25-91 : Security update available for Adobe Dreamweaver
APSB25-92 : Security update available for Adobe Substance 3D Modeler
APSB25-93 : Security update available for Adobe ColdFusion
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Acrobat 2020, Classic 2020, Windows e macOS
Acrobat 2024, Classic 2024, Windows e macOS
Acrobat DC, Continuous, Windows e macOS
Acrobat Reader 2020, Classic 2020, Windows e macOS
Acrobat Reader DC, Continuous, Windows e macOS
Adobe Commerce 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 e versioni precedenti
Adobe Commerce B2B 1.5.3-alpha2, 1.5.2-p2, 1.4.2-p7, 1.3.5-p12, 1.3.4-p14, 1.3.3-p15 e versioni precedenti
Premiere Pro, 24.6.5 e versioni precedenti (per Windows e macOS)
Premiere Pro, 25.3 e versioni precedenti (per Windows e macOS)
Magento Open Source 2.4.9-alpha2, 2.4.8-p2 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 e versioni precedenti
Adobe Substance 3D Viewer 0.25.1 e versioni precedenti
Adobe Substance 3D Modeler 1.22.2 e versioni precedenti
ColdFusion 2021, Update 21 e versioni precedenti
ColdFusion 2023, Update 15 e versioni precedenti
ColdFusion 2025, Update 3 e versioni precedenti
Dreamweaver , 21.5 e versioni precedenti
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Rivelazione di informazioni (ID)
Bypass delle funzionalita' di sicurezza (SFB)
:: Soluzioni
Aggiornare i prodotti alle versioni piu' recenti
:: Riferimenti
Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security.html
https://helpx.adobe.com/security/products/acrobat/apsb25-85.html
https://helpx.adobe.com/security/products/after_effects/apsb25-86.html
https://helpx.adobe.com/security/products/premiere_pro/apsb25-87.html
https://helpx.adobe.com/security/products/magento/apsb25-88.html
https://helpx.adobe.com/security/products/substance3d-viewer/apsb25-89.html
https://helpx.adobe.com/security/products/experience-manager/apsb25-90.html
https://helpx.adobe.com/security/products/dreamweaver/apsb25-91.html
https://helpx.adobe.com/security/products/substance3d-modeler/apsb25-92.html
https://helpx.adobe.com/security/products/coldfusion/apsb25-93.html
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2025-083
CSIRT Italia
https://www.acn.gov.it/portale/w/adobe-aggiornamenti-di-sicurezza-7
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54261
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCaMFzBQAKCRDBnEyTZRJg
QgDLAJ985nq5JXn0er2IgrhYYyh/4Kl/lACeKYJ529sxUnHgv4o37bfOLHMBouo=
=FJAl
-----END PGP SIGNATURE-----