InfoSecBulletin Cybersecurity for mankind
The Indian Computer Emergency Response Team (CERT-In) has warned Adobe users about a high-risk cybersecurity issue. Adobe recently found serious security problems in various versions of their software, including Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge.
CERT-In classifies the vulnerabilities as “HIGH” severity and advises users to act quickly to protect their systems by updating their Adobe software. If left unattended, attackers could use these vulnerabilities to cause memory leaks and run unauthorized code on targeted systems, resulting in serious consequences such as stolen data, system crashes, and unauthorized access to sensitive information.
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
In addition to Adobe Products, the CERT-In has also issued critical vulnerability warnings for IBM WebSphere application server and Joomla Content Management System.
According to CERT-In, several underlying issues are responsible for the vulnerabilities found in Adobe products:
Integer Overflow or Wraparound: This vulnerability occurs when an arithmetic operation surpasses the maximum capacity of the integer data type used to store the value, leading to unexpected behavior or crashes.
Heap-based Buffer Overflow: This arises when data surpasses the designated buffer capacity in the heap memory, potentially allowing attackers to execute unauthorized code.
Out-of-bounds Write and Read: These vulnerabilities occur when software reads or writes data beyond the allocated memory boundaries, leading to data corruption, crashes, or code execution.
Untrusted Search Path: This vulnerability arises when software searches for resources in untrusted directories, which attackers can exploit to execute malicious code.
IBM WebSphere Application Server Under Fire:
CERT-In has also reported a vulnerability in IBM WebSphere Application Server (CVE-2024-0215) that could allow Remote Code Execution (RCE) attacks. This means attackers could potentially exploit this flaw to execute malicious code on the server, granting them complete control of the system.
According to IBM, “a remote attacker could exploit this vulnerability to execute arbitrary code on the system with a specially crafted sequence of serialized objects.”
The bulletin applies to:
IBM WebSphere Application Server Traditional V9.0 or earlier versions
IBM WebSphere Application Server Network Deployment V8.5 or earlier versions
IBM has recommended updating to the following versions to address the vulnerability or fix the pack that contains the APAR PH61489.
For V9.0.0.0 through 9.0.5.20:
Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH61489
–OR–
· Apply Fix Pack 9.0.5.21 or later (targeted availability 3Q2024).
For V8.5.0.0 through 8.5.5.25:
Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH61489
–OR–
· Apply Fix Pack 8.5.5.26 or later (targeted availability 3Q2024).
Users can find detailed information and download the updates from the official IBM Security Bulletin.
