PT-2021-23667 · Adobe · Bridge, Experience Manager

Published: 2021-11-16 · Updated: 2023-06-26 · CVE-2021-42725

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Adobe Bridge versions prior to 11.1.1
Adobe Experience Manager versions prior to 6.5.9.0

Description
The issue covers two distinct flaws: insecure handling of malicious files and improper access control. In Adobe Bridge, a memory corruption vulnerability caused by insecure handling of a malicious M4A file can lead to arbitrary code execution in the context of the current user; user interaction (opening the file) is required. In Adobe Experience Manager, an improper access control vulnerability results in a security feature bypass: an unauthenticated attacker can reach arbitrary pages by manipulating the Referer header, because the access decision trusts a value the client controls.

Recommendations
For Adobe Bridge version 11.1.1 and earlier, update to a version later than 11.1.1. For Adobe Experience Manager version 6.5.9.0 and earlier, update to a version later than 6.5.9.0. As a temporary workaround, restrict access to sensitive pages and add access controls that do not depend on request headers until the patch can be applied.
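To make the Experience Manager part of the advisory concrete, the following hypothetical Python illustration (added here; it is neither Adobe's code nor from this advisory) contrasts an access check that trusts the Referer header with one that derives authorization from server-side session state. The origin, path prefix and session store are constructed values.

```python
"""Referer-based vs. session-based access checks (illustration, not AEM code)."""
from dataclasses import dataclass, field

TRUSTED_ORIGIN = "https://intranet.example"   # constructed value
PROTECTED_PREFIX = "/content/protected/"      # hypothetical protected path
# Constructed server-side session store: session id -> granted path prefixes
SESSIONS = {"sid-123": {PROTECTED_PREFIX}}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)   # client-controlled
    cookies: dict = field(default_factory=dict)


def referer_gate(req: Request) -> bool:
    """Weak check of the kind the advisory describes: it trusts a header
    the client sets, so it grants access to whoever claims the right origin."""
    if not req.path.startswith(PROTECTED_PREFIX):
        return True
    return req.headers.get("Referer", "").startswith(TRUSTED_ORIGIN)


def session_gate(req: Request) -> bool:
    """Hardened check: authorization comes from state the server holds
    (an authenticated session and its grants), never from the Referer."""
    if not req.path.startswith(PROTECTED_PREFIX):
        return True
    grants = SESSIONS.get(req.cookies.get("session", ""))
    if grants is None:
        return False  # unauthenticated: no session known to the server
    return any(req.path.startswith(prefix) for prefix in grants)
```

A request with no session but a Referer claiming the trusted origin passes `referer_gate` and is refused by `session_gate`, which is the distinction the workaround in the advisory relies on.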

Weakness Enumeration
Buffer Overflow
Access of Memory Location After End of Buffer

Related Identifiers
CVE-2021-42725

Affected Products
Bridge
Experience Manager