Software maker Adobe on Tuesday rolled out fixes for more than a dozen security defects in multiple products and warned that malicious hackers can exploit these bugs in remote code execution attacks.

The company said the vulnerabilities affect Adobe Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and the Adobe Substance 3D Designer. 

According to Adobe’s documentation, the Photoshop update is available for Windows and macOS and should be treated with urgency because of the risk of code execution exploitation via booby-trapped files.

The raw details:

• Adobe Photoshop — This update addresses a pair of arbitrary code execution bugs (CVE-2025-21127 and CVE-2025-21122) with critical-severity ratings. 

• Adobe Substance3D Stager — This bulletin documents five critical-severity memory safety flaws that could lead to arbitrary code execution in the context of the current user.    These bugs carry a CVSS severity score of 7.8/10 and affects both Windows and macOS users.

• Adobe Illustrator for iPad — This covers two separate memory safety issues that expose Apple iPad users to code execution attacks. Both flaws are rated critical with CVSS severity scores of 7.8/10.

• Adobe Animate — This update addresses an integer underflow bug that could lead to   arbitrary code execution exploits. Available for both Windows and macOS users.

• Adobe Substance3D Designer — Includes patches for four critical memory safety defects affecting all platforms.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

Adobe said it was not aware of any exploits in the wild for this month’s patch batch.

Related: Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days

Related: Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Product

Related: Exploitation of New Ivanti VPN Zero-Day Linked to Chinese Cyberspies

Related: SAP Patches Critical Vulnerabilities in NetWeaver