TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

CIS Advisories

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

2025-12-09 · Read original ↗

ATT&CK techniques detected

5 predictions
T1078.001Default Accounts
71%
", and physical premise controls ; frequency ; limitations, such as acceptable hours, and excluded attack types ; point of contact information ; remediation, such as how findings will be routed internally ; and retrospective requirements. - safeguard 18. 2 : perform periodic exter…"
T1190Exploit Public-Facing Application
44%
"( cve - 2025 - 64896 ) successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. depending on the privileges associated with the user, an attacker could then install programs ; view, change, …"
T1190Exploit Public-Facing Application
42%
"##869, cve - 2025 - 64872, cve - 2025 - 64873, cve - 2025 - 64875, cve - 2025 - 64881 ) adobe dng software development kit ( sdk ) : - integer overflow or wraparound ( cve - 2025 - 64783 ) - heap - based buffer overflow ( cve - 2025 - 64784 ) - out - of - bounds read ( cve - 2025…"
T1587.004Exploits
36%
", cve - 2025 - 64594, cve - 2025 - 64596, cve - 2025 - 64597, cve - 2025 - 64598, cve - 2025 - 64599, cve - 2025 - 64600, cve - 2025 - 64601, cve - 2025 - 64602, cve - 2025 - 64603, cve - 2025 - 64604, cve - 2025 - 64605, cve - 2025 - 64606, cve - 2025 - 64607, cve - 2025 - 64609…"
T1203Exploitation for Client Execution
31%
"##869, cve - 2025 - 64872, cve - 2025 - 64873, cve - 2025 - 64875, cve - 2025 - 64881 ) adobe dng software development kit ( sdk ) : - integer overflow or wraparound ( cve - 2025 - 64783 ) - heap - based buffer overflow ( cve - 2025 - 64784 ) - out - of - bounds read ( cve - 2025…"

Summary

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

  • Adobe ColdFusion is a rapid web application development platform that uses the ColdFusion Markup Language (CFML).
  • Adobe Experience Manager (AEM) is a content management and experience management system that helps businesses build and manage their digital presence across various platforms.
  • The Adobe DNG Software Development Kit (SDK) is a free set of tools and code from Adobe that helps developers add support for Adobe's Digital Negative (DNG) universal RAW file format into their own applications and cameras, enabling them to read, write, and process DNG images, solving workflow issues and improving archiving for digital photos.
  • Adobe Acrobat is a suite of paid tools for creating, editing, converting, and managing PDF documents.
  • The Adobe Creative Cloud desktop app is the central hub for managing all Adobe creative applications, files, and assets.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.