While there are currently no indications of attacks, administrators should not hesitate to install the security updates for Acrobat Reader, ColdFusion, Creative Cloud Desktop, DNG Software Development Kit, and Experience Manager.

Protecting Systems

In all cases, developers have closed, among others, "critical" security vulnerabilities that attackers could exploit to push and execute malicious code on systems. Updated versions are available for download.

As a warning message indicates, Acrobat Reader is vulnerable on macOS and Windows. Developers state that they have closed the vulnerabilities in Acrobat DC/Acrobat Reader DC 25.001.20997, Acrobat 2024 24.001.30307 (Windows) and 24.001.30308 (macOS), and Acrobat 2020/Acrobat Reader 2020 20.005.30838.

DNG Software Development Kit (SDK) has been repaired in the macOS and Windows version DNG SDK 1.7.1 build 2140. In ColdFusion 2021 Update 23, ColdFusion 2023 Update 17, and ColdFusion 2025 Update 5 for all platforms, developers have closed, among others, two "critical" vulnerabilities (CVE-2025-61808, CVE-2025-61809) through which attackers can execute their own code and bypass security features.

Creative Cloud Desktop Application is exclusively vulnerable on macOS. Version 6.8.0.821 provides a fix for this. Experience Manager is vulnerable on all platforms. Developers have closed countless malicious code security vulnerabilities here. The majority of these are classified as "medium" threat level. However, two "critical" vulnerabilities (CVE-2025-64537, CVE-2025-64539) are also included. Versions AEM Cloud Service Release 2025.12, 6.5 LTS SP1 (GRANITE-61551 Hotfix), and 6.5.24 are secured here.

(des)

Don’t miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.