Software maker Adobe has rolled out urgent patches with fixes for security defects in multiple product lines and warned of code execution risks on Windows and macOS platforms.

The Patch Tuesday release includes a major security makeover for Adobe Commerce and Magento Open Source, an enterprise-facing product regularly in the crosshairs of malicious hackers.

A critical-severity bulletin from Adobe documents 25 vulnerabilities in Adobe Commerce that expose businesses code execution, privilege escalation, and security feature bypass attacks. Two of the 25 vulnerabilities carry a CVSS severity score of 9.8/10.

Adobe said impacted versions include Adobe Commerce 2.4.7-p2 and earlier, as well as Magento Open Source 2.4.7-p2 and earlier.  

The San Jose, Calif. company also documented a pair of critical-rated vulnerabilities in the Adobe Dimension software, warning that successful exploitation could lead to arbitrary code execution. 

A separate bulletin documents at least 10 flaws in the Adobe Animate software that could expose users to code execution and memory leaks.

The company also documented critical security problems in Adobe Lightroom, Adobe InCopy, Adobe InDesign, Adobe Substance 3D Stager and Adobe FrameMaker.

Adobe’s product security incident response team said it was not aware of any in-the-wild exploitation for any of the issues documented this month.

Related: SAP Patches Critical Vulnerability in BusinessObjects

Related: macOS Sequoia Update Fixes Security Software Compatibility Issues

Related: Qualcomm Alerted to Possible Zero-Day Exploited in Targeted Attacks

Related: Android’s October 2024 Update Patches 26 Vulnerabilities