Adobe recognizes that the security community is a force multiplier in our quest to provide a safe and secure experience for Adobe’s customers. To that end, we welcome the contributions of security researchers and strive to provide the best vulnerability disclosure experience possible.
The first researcher to report a vulnerability will be the one acknowledged in the release notes once the vulnerability is resolved. If additional team members were involved in researching the vulnerability, please provide their name(s) and describe their contribution to the findings when submitting the report.
At the time of report submission, Adobe will request your "testing IP address". Providing it allows Adobe to expedite incident response investigations by distinguishing your traffic from actual adversary traffic. It also helps ensure your testing traffic is not blocked or interrupted while you are bug hunting.
In order to receive a monetary bug bounty payout (when applicable), you must provide your Testing IP address. This information is also required in order to fall within Adobe’s Safe Harbor policy.
Note: you always have the ability, at any time, to request Adobe remove your IP address data. If you need this data expunged, please reach out to [email protected]
Table of Contents
Rewards
Our rewards are based on severity per CVSS (the Common Vulnerability Scoring System). Please note these are general guidelines, and reward decisions are at the discretion of Adobe. Adjustments to the bounty payout ranges are noted below each tier's payout table.
- Multiple vulnerabilities caused by one underlying issue will be awarded one bounty. If multiple submissions indicate a general pattern of weakness, only the first two reports that establish the pattern will be eligible for full bounty even if the fix requires code changes in multiple locations.
- The first reported and confirmed ATO method will receive the full bounty payout based on its validated severity. Any later reports using the same or similar ATO technique, regardless of the targeted endpoint, flow, or user type, will be awarded a reduced bounty, based on the vulnerability’s impact without the Account Takeover scenario. This rule is applicable to all in-scope products.
Security Researcher Hall of Fame
We welcome all security researchers, ranging from hobbyists to full-time ethical hackers, to participate in Adobe's Security Researcher Hall of Fame initiative. At the end of each testing cycle, our Top 10 researchers will be announced and contacted to choose one of our amazing rewards. Please consult this page for more details about this initiative.
Rules of Engagement
Please review the following guidelines before submitting your report:
- DO include the User-Agent string h1_username while testing. This is a requirement in order to be eligible for a bounty.
- DO include technical details about your finding, proof-of-concept URL(s), screenshots and reproducible steps. If the report is not detailed enough to reproduce the issue, triage will be delayed and the issue may not be eligible for a reward.
- DO submit one vulnerability per report (unless you need to chain vulnerabilities to provide impact). Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
- DO NOT use social engineering (e.g. phishing, vishing, smishing) techniques.
- DO NOT test existing customer environments without explicit permission from the owner. Researchers may perform their testing against their own local installations.
- DO NOT cause a potential or actual denial of service of Adobe applications and systems.
- DO NOT use an exploit to view data without authorization or cause corruption of data.
- DO make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
Response Targets
Adobe makes every effort to meet the following SLAs for hackers participating in our program:
| Type of Response | SLA in business days |
|---|---|
| First Response | 1 day |
| Time to Triage | 2 days |
| Time to Resolution | dependent on severity and complexity |
We’ll try to keep you informed about our progress throughout the process.
Process
Your submission will be reviewed and validated by a member of the Product Security Incident Response Team.
- When submitting a vulnerability, please provide concise steps to reproduce that are easily understood as well as the impact of the vulnerability.
- Including a proof-of-concept for desktop vulnerabilities will expedite our investigation. We encourage you to use PGP encryption (key here).
- If the same vulnerability is found on multiple hosts associated with the same asset/domain, please include all vulnerable hosts in a single report.
- When duplicates occur, we consider the first report that was received to be treated as unique, and subsequent reports will be marked as a duplicate.
- If either the underlying vulnerability (e.g., XSS) or the resulting impact (e.g., ATO) has already been reported and validated, subsequent reports demonstrating the same vulnerability or materially similar impact chain will be considered duplicates for that component, and only any newly identified element will be eligible for evaluation.
Eligible Vulnerabilities
We encourage the coordinated disclosure of the following eligible application vulnerabilities:
- Cross-site scripting (XSS)
- Prompt Injection that leads to disclosure of sensitive content
- Cross-site request forgery (CSRF) in a privileged context
- Server-side code execution
- Authentication or authorization flaws
- Injection Vulnerabilities
- Directory Traversal
- Information Disclosure
- Particularly clever vulnerabilities or unique issues that do not fall into explicit categories
- Significant Security Misconfiguration (please follow best practice when reporting subdomain takeovers)
To receive credit, you must be the first reporter of a vulnerability. When submitting a vulnerability, please provide concise steps to reproduce that are easily understood.
Eligible AI Vulnerabilities
We encourage the coordinated disclosure of the eligible AI application vulnerabilities listed below, along with other similar vulnerabilities. Before submitting any finding, please review the Program AI Specific Exclusions for out-of-scope vulnerabilities.
| Vulnerability Category | Vulnerability Examples | Scenario Examples | Desired Impact |
|---|---|---|---|
| Generative AI Vulnerabilities | Cross-Prompt Injection Attacks (XPIA) - adversarial instructions embedded within third-party content that the AI system retrieves and processes | An attacker uploads a corporate logo with manipulated EXIF/IPTC metadata to inject malicious instructions. | data exfiltration, privilege escalation, jailbreaking of safety guardrails, credential theft, unauthorized actions through tool use, and content manipulation |
| Agentic AI Vulnerabilities | Unauthorized API Calls, Tool chaining attacks, Parameter injection, Authentication and Authorization issues | An agent with file read, file write, and web request tools can be manipulated to read sensitive files, encode them, and POST to external servers, none of which individually appears malicious. | data exfiltration, privilege escalation, persistent backdoor |
| MCP Vulnerabilities | Compromised MCP Servers, Context poisoning via MCP, Tool Response Manipulation, MCP Protocol Exploits, Unauthorized MCP Server Discovery | Compromise DNS to redirect MCP client connections to malicious servers with similar names. | data exposure, unauthorized tool execution, cross-tenant access, prompt injection leading to real-world actions |
| Model-Level Vulnerabilities | Model backdoors and trojans | Poisoning training data with triggered examples in order to cause specific incorrect predictions. | targeted misclassification, data exfiltration, jailbreaking |
Scope Overview
| Target | Details |
|---|---|
| Adobe Commerce | Adobe Commerce is a flexible and scalable commerce platform that lets you create uniquely personalised B2B and B2C experiences, no matter how many brands you have. https://business.adobe.com/au/products/magento/magento-commerce.html |
| Content Authenticity Initiative | The CAI’s free open-source tools support a broad and expanding range of content creation tools, from generative AI to digital photography to digital art and more. Each asset is cryptographically hashed and signed to capture a verifiable, tamper-evident record that enables exposure of any changes to the asset or its metadata. Creators can choose to attach attribution information and usage signals directly to their assets. https://contentauthenticity.org/ |
| Adobe Firefly | Adobe Firefly is a family of creative generative AI models. Features powered by Firefly are embedded in Adobe's flagship apps and Adobe Stock. https://firefly.adobe.com/ |
| Learning Manager | Adobe Learning Manager is an award-winning learning platform that integrates learning experiences into your brand’s website and apps. https://business.adobe.com/products/learning-manager/adobe-learning-manager.html |
| Photoshop Web | With Photoshop's online, intuitive, and precise editing tools, you can create images and content you'll love right in your browser. https://photoshop.adobe.com/ |
| Adobe Coldfusion | Adobe ColdFusion is a battle-proven and high-performing application server that makes web development easy for every coder. https://www.adobe.com/products/coldfusion-family.html |
| Acrobat Web | Adobe Acrobat online services let you work with PDFs in any browser. Create and convert PDFs online, reduce a file size, and more. https://acrobat.adobe.com/us/en/ |
| Acrobat Reader Mobile App (Android, iOS) | With Acrobat Reader mobile app you can work on documents anywhere. This app is packed with all the latest tools you need to keep projects moving wherever you are. https://www.adobe.com/acrobat/mobile/acrobat-reader.html |
| Adobe Scan Mobile App (Android, iOS) | Adobe Scan mobile app works on your mobile device as a photo and document scanner that creates PDFs and automatically recognises text. https://www.adobe.com/uk/acrobat/mobile/scanner-app.html |
| Adobe Express | Adobe Express is an all-in-one design, photo, and video tool to make content creation easy. You can get started creating in Adobe Express for free or upgrade for a monthly fee to unlock all the premium value. https://www.adobe.com/express/ |
AI Scope Overview
Important: Please monitor this AI Asset list, as it is subject to updates.
| AI Target | Enabled on | Details |
|---|---|---|
| Acrobat AI Assistant | acrobat.adobe.com | AI Assistant allows you to engage in intelligent, context-aware conversations about your documents. |
| Acrobat PDF Spaces | acrobat.adobe.com | PDF Spaces allow you to add multiple files and links, get AI-powered insights, and organize your research in one conversational knowledge hub. It uses the added files and links to generate summaries, answer questions, and surface key insights. More info: https://helpx.adobe.com/acrobat/web/explore-pdf-spaces/create-pdf-spaces.html |
| Acrobat Create Presentations | acrobat.adobe.com | The Generate presentation tool in Adobe Acrobat uses generative AI and Adobe Express design capabilities to build structured, ready-to-edit presentations from simple prompts or existing documents. More info: https://helpx.adobe.com/acrobat/web/create-pdfs/create-presentations/overview.html |
| Acrobat Create Podcast | acrobat.adobe.com | Create podcast feature in Acrobat turns almost any document or PDF Space into a quick, engaging audio overview, ideal for fast learning, hands‑free review, or accessible listening. More info: https://helpx.adobe.com/acrobat/web/use-acrobat-ai/podcasts/create-podcast.html |
| Express AI Assistant | new.express.adobe.com | AI Assistant helps you explore, create, and edit content using prompts. More info: https://helpx.adobe.com/express/web/ai-assistant/adobe-express-ai-assistant-overview.html |
| Firefly Image Models | firefly.adobe.com | Create visually captivating content by generating images from simple text descriptions. More info: https://helpx.adobe.com/firefly/web/generate-images-with-text-to-image/generate-images-using-text-prompts/create-images-from-text-prompts.html |
| Firefly Video Model | firefly.adobe.com | Firefly Video model helps you to generate videos and add them to the timeline in Firefly video editor. More info: https://helpx.adobe.com/firefly/web/firefly-video-editor/generate-videos/generate-video-using-firefly-models.html |
| Lightroom AI Edits | lightroom.adobe.com | Open and edit a photo using the following AI-powered features: Generative Remove, Lens Blur, Adaptive Profile, Masking. More info: https://helpx.adobe.com/ro/lightroom-cc/web/edit-photos/manage-ai-edits.html |
| Lightroom "Edit suggestions" Tech preview | lightroom.adobe.com | This AI feature suggests adjustments such as exposure and contrast fixes, color corrections (white balance, vibrance), tone and lighting improvements and preset-style enhancements, and applies the suggestions with one click. |
| Photoshop AI Assistant | photoshop.adobe.com | AI Assistant helps you to perform specific edits to enhance the images. More info: https://helpx.adobe.com/photoshop/web/edit-images/retouch/edit-images-with-ai-assistant.html |
| Stock Customize | stock.adobe.com | AI-powered Customize makes searching and evaluating your stock content easy. It helps you speed up your workflow when you make edits to single or multiple images and view your search history, all in one place. More info: https://helpx.adobe.com/stock/how-to/refine-your-search-with-customize1.html |
Testing Plans
General Setup Instructions:
- When registering an account, please use your HackerOne username @wearehackerone.com email alias. This is a required step to be eligible for bounty.
- Create an Adobe Account at https://account.adobe.com/ using your HackerOne handle (e.g. @wearehackerone.com)
Adobe Commerce Test Plan
Please review the following guidelines before submitting your report:
- DO use HackerOne's email aliases feature, [username]@wearehackerone.com, when registering your account (instructions here).
- DO include technical details about your finding, proof-of-concept URL(s), screenshots and reproducible steps. If the report is not detailed enough to reproduce the issue, triage will be delayed and the issue may not be eligible for a reward.
- DO submit one vulnerability per report (unless you need to chain vulnerabilities to provide impact). Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
- DO NOT use social engineering (e.g. phishing, vishing, smishing) techniques.
- DO NOT test existing merchant’s stores without explicit permission from the owner. Researchers may perform their testing against their own local installations.
- DO NOT cause a potential or actual denial of service of Magento applications and systems. ==Denial-of-service issues are out-of-scope==, including memory exhaustion from large inputs (Exception: small inputs causing disproportionately large memory usage)
- DO NOT use an exploit to view data without authorization or cause corruption of data.
- DO make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
NOTE: Cross-Site Scripting (XSS) bugs in the admin interface (URLs containing /admin/) where the code is only executed in front-end context but not in admin context will not be accepted. Merchants are explicitly allowed to use active content when designing their stores, so this is a required feature. The admin XSS capability does not give the administrator any additional powers to do harm beyond what other administrative features already allow. XSS issues where an administrator with limited access can impact other administration pages are valid.
Firefly Test Plan
- IDORs in Backend Firefly API related to jobs and data are out-of-scope as the IDs are random UUID4 and are short-lived (72h)
Content Authenticity Initiative Test Plan
Content Authenticity Initiative (CAI) related testing may require you to generate or locate images containing C2PA metadata, also known as Content Credentials. Images can be generated using the c2patool (https://github.com/contentauth/c2patool) located in the Content Authenticity GitHub project. In addition, images with C2PA metadata can be found via several Adobe services. This webpage provides an overview of Content Credential support within different Adobe products and services: https://helpx.adobe.com/creative-cloud/help/content-credentials.html .
Example in-scope vulnerabilities would include:
- Ability to alter the visual rendering of a C2PA-protected image without invalidating the signature
- XSS or injection issues on the Content Credentials Verify site resulting from malicious C2PA metadata
- Security vulnerabilities in C2PA SDKs (c2pa-rs, c2pa-js), including parsing errors, validation bypasses, or cryptographic flaws
- Failures to properly detect invalid, untrusted, or tampered C2PA manifests under default configurations
- Other security issues directly related to C2PA metadata processing or verification
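The in-scope items above come down to one question: can a byte change that alters what the image shows survive verification? A tester needs to know which bytes belong to the manifest store and which belong to the image content. The following Python is an added example, not code from Adobe or the Content Authenticity project: it walks the marker segments of a JPEG, picks out the APP11 segments that carry JUMBF (the container C2PA manifests are embedded in) and hashes everything else, a simplified stand-in for the hard binding a verifier checks. It assumes the JPEG XT box layout for APP11 (a "JP" identifier, box instance number and packet sequence number ahead of the JUMBF box), and the constructed JPEG it builds is structurally valid but not decodable; it exists only to exercise the parser. The real C2PA data-hash assertion declares explicit exclusion ranges rather than "every JUMBF segment", so this is an illustration of the idea, not the specification's algorithm. The names build_jpeg, split_jpeg, is_jumbf, content_hash and demo are this example's own.

```python
"""Locate C2PA (JUMBF) segments in a JPEG and hash the remaining bytes.

Added example for exercising Content Credentials testing; not Adobe's or
the CAI project's code. The hashing rule here (skip every JUMBF APP11
segment) is a simplification of the C2PA data-hash exclusion ranges.
"""
import hashlib
import struct

SOI, EOI, SOS, APP0, APP11 = 0xFFD8, 0xFFD9, 0xFFDA, 0xFFE0, 0xFFEB


def split_jpeg(data: bytes) -> list[tuple[int, bytes]]:
    """Return (marker, raw_segment_bytes) pairs for a JPEG's header segments.

    Each entry carries the 2-byte marker plus, where present, the 2-byte
    length and payload. After SOS the entropy-coded data runs to the final
    EOI and is returned as one (SOS, ...) entry. Only header segments with a
    length field are expected before SOS (no stand-alone RSTn/TEM markers).
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    segments = [(SOI, data[:2])]
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = struct.unpack(">H", data[pos:pos + 2])[0]
        if marker == EOI:
            segments.append((EOI, data[pos:pos + 2]))
            return segments
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        end = pos + 2 + length
        if marker == SOS:
            # Scan data follows the SOS header; it ends at the last EOI in the file.
            end = data.rfind(b"\xff\xd9")
            if end < pos:
                raise ValueError("missing EOI after scan data")
            segments.append((SOS, data[pos:end]))
            segments.append((EOI, data[end:end + 2]))
            return segments
        segments.append((marker, data[pos:end]))
        pos = end
    raise ValueError("missing EOI")


def is_jumbf(marker: int, segment: bytes) -> bool:
    """APP11 segments that carry JUMBF (JPEG XT) begin their payload with b'JP'."""
    return marker == APP11 and segment[4:6] == b"JP"


def content_hash(data: bytes) -> str:
    """SHA-256 over every byte of the JPEG except the JUMBF segments."""
    digest = hashlib.sha256()
    for marker, segment in split_jpeg(data):
        if not is_jumbf(marker, segment):
            digest.update(segment)
    return digest.hexdigest()


def build_jpeg(manifest: bytes, scan: bytes) -> bytes:
    """Constructed test input: a marker-valid JPEG with one JUMBF segment.

    Not a decodable image (no DQT/SOF/DHT); `scan` must not contain FF D9.
    """
    def seg(marker: int, payload: bytes) -> bytes:
        return struct.pack(">HH", marker, len(payload) + 2) + payload

    app0 = seg(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    # JUMBF superbox: 4-byte length, 4-byte type 'jumb', then the manifest bytes.
    jumbf_box = struct.pack(">I", 8 + len(manifest)) + b"jumb" + manifest
    # JPEG XT wrapper: 'JP', box instance number, packet sequence number, box.
    app11 = seg(APP11, b"JP" + struct.pack(">HI", 1, 1) + jumbf_box)
    sos = seg(SOS, b"\x01\x01\x00\x00\x3f\x00")
    return b"\xff\xd8" + app0 + app11 + sos + scan + b"\xff\xd9"


def demo() -> tuple[bool, bool]:
    """Swapping the manifest keeps the content hash; touching scan data changes it."""
    original = build_jpeg(b"manifest-v1", b"\x12\x34\x56\x78")
    manifest_swapped = build_jpeg(b"manifest-v2", b"\x12\x34\x56\x78")
    pixels_changed = build_jpeg(b"manifest-v1", b"\x12\x34\x56\x00")
    return (
        content_hash(original) == content_hash(manifest_swapped),
        content_hash(original) != content_hash(pixels_changed),
    )


if __name__ == "__main__":
    print(demo())
```

Against a real image signed with c2patool, the same walker tells you which offsets are manifest and which are content: flip a byte inside the scan data and the verifier must report a hard-binding failure, while a change confined to the JUMBF segment must be caught by the manifest's signature rather than by the content hash. A change that alters rendered pixels without tripping either check is the first in-scope item above.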
Example out-of-scope vulnerabilities would include:
- Denial-of-service issues, including memory exhaustion from large inputs (Exception: small inputs causing disproportionately large memory usage)
- Removing Content Credentials from an image (explicitly allowed by the threat model)
- Issues requiring non-default or clearly documented insecure configurations
- Malformed manifests generated from valid inputs (tracked as bugs, not security vulnerabilities)
- Use of unsupported platforms, unreleased versions, or non-standard build processes
- Vulnerabilities in Adobe products or services unrelated to C2PA metadata processing
- C2PA SDK internal functions explicitly marked as unsafe
The following issues are currently known and work is underway. Reports will not be accepted until remediation is complete and published:
* Network access triggered by C2PA manifest input (mitigations in progress)
* Enforcement of the CAWG X.509 trust model
Additional details, examples, and testing resources are available at:
Adobe Acrobat Web Test Plan
Setup Instructions:
- When registering an account, please use your HackerOne username @wearehackerone.com email alias. This is a required step to be eligible for bounty.
- Create an Adobe Account at https://account.adobe.com/ using your HackerOne handle (e.g. @wearehackerone.com)
- Navigate to https://acrobat.adobe.com/us/en/ to get started!
Note: Acrobat Web AI Assistant is also part of the scope.
IMPORTANT - Document Cloud Adobe Acrobat Web specific out-of-scope:
- Document Cloud Adobe Sign Web production environment *.adobesign.com.
- Rate limiting bypasses, race conditions, and concurrency-related findings are considered out of scope unless they demonstrate a significant and tangible security impact. Minor over-utilization of features through concurrent requests — such as exceeding a soft usage limit (e.g., triggering additional PDF conversions beyond the intended threshold) — does not constitute a valid security vulnerability, as the associated risk is accepted within our current threat model.
Learning Manager Test Plan
Setup Instructions:
- Login to your Adobe account associated with your HackerOne username @wearehackerone.com.
- Go to https://learningmanagerstage4.adobe.com/acapindex.html and authenticate using your credentials.
IMPORTANT – Adobe Learning Manager specific out-of-scope:
- ==Improper access controls vulnerabilities in Custom roles and Social Learning functionalities are temporarily out-of-scope due to planned maintenance/upgrades.==
- Exploits by users holding any of these roles - Admin, Integration Admin, Author or Instructor - that affect other users
- XSS in Admin, Integration Admin, Author or Instructor
- Any exploit from a user affecting only themselves.
- Desktop companion Application.
- Social engineering using adobe.com links of a trial account due to unverified trial account creation.
- Exploits related to uploading arbitrary binary file formats by learner.
- Denial-of-service testing and production testing (only test against the provided stage environment)
- Vulnerabilities related to OAuth misconfigurations (including ATOs) are temporarily out of scope due to planned maintenance/upgrades
Photoshop Web Test Plan
Setup Instructions:
- Login to your Adobe account associated with your HackerOne username @wearehackerone.com.
- Navigate to https://www.photoshop.adobe.com to get started!
IMPORTANT - Adobe Photoshop Web Out-of-Scope
- All Program Exclusions still apply
- You will be testing Photoshop Web in PROD. DO NOT cause a potential or actual denial of service of Adobe applications and systems.
- Endpoints owned by 3rd party hosts, for example:
  * https://*.contentsquare.net
  * https://*.cookielaw.org
  * https://*.demdex.net
  * https://*.doubleclick.net
  * https://*.google.com
  * https://*.googleapis.com
  * https://*.gstatic.com
  * https://*.newrelic.com
  * https://*.nr-data.net
  * https://*.recaptcha.net
  * etc.
ColdFusion Test Plan
IMPORTANT - Reports against ColdFusion without the Lockdown installer in place are out-of-scope. We recommend testing on the latest available version, ColdFusion 2025, even if previous versions are still supported.
Setup Instructions:
- Download the ColdFusion installer under "Download Trial Edition" from here: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html#cf-download0
- Download the Lockdown installer under "Download Adobe ColdFusion(2025 release) Server Auto-Lockdown" from here: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html#cf-download0
- Follow the setup instructions for the ColdFusion server (https://helpx.adobe.com/coldfusion/installing/installing-the-server-configuration.html) and for the Lockdown server (https://helpx.adobe.com/coldfusion/using/server-lockdown.html).
Other ways to install ColdFusion (these don't include the Lockdown installer):
- Docker - Docker images for ColdFusion (adobe.com)
- ZIP installer:
  * https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html#cf-download0
  * https://helpx.adobe.com/in/coldfusion/using/install-coldfusion-2021.html
- Cloud images:
  * AWS
    AWS Marketplace: Adobe ColdFusion (2023 Release) Windows (amazon.com)
    AWS Marketplace: Adobe ColdFusion (2023 Release) Ubuntu Linux (amazon.com)
  * **Azure**
    https://azuremarketplace.microsoft.com/en-us/marketplace/apps/coalescesolutionsllc1649284093713.cf2023windows?tab=Overview
    https://azuremarketplace.microsoft.com/en-us/marketplace/apps/coalescesolutionsllc1649284093713.cf2023linux?tab=Overview
IMPORTANT:
- All unresolved findings previously submitted for CF 2021 and CF 2023 are also being verified for CF 2025. Therefore, resubmitting them will result in rejection or closure as duplicates.
- XXE vulnerabilities are temporarily out of scope due to planned maintenance/upgrades.
- ColdFusion specific out-of-scope:
  * ColdFusion API Manager - Tool that helps you create APIs exposing core functionality of applications and other backend systems. This is deprioritized with no active development.
  * CFFiddle - Playground that allows developers to quickly test code snippets, share their work with others, and collaborate on projects. The infrastructure is managed by a third party with minimal involvement from the ColdFusion team.
  * coldfusion.adobe.com - Portal used by customers for posting discussions, blogs and announcements. It is not a ColdFusion application (it uses WordPress and PHP).
Lightroom Web Test Plan
Setup Instructions:
- Login to your Adobe account associated with your HackerOne username @wearehackerone.com.
- Navigate to https://www.lightroom.adobe.com to get started!
IMPORTANT – Lightroom Web specific out-of-scope:
- Vulnerabilities related to "Google Photos" are out of scope.
- Denial-of-service testing is explicitly out of scope.
#IMS Test Plan
Setup Instructions:
- When registering an account, please use your HackerOne username @wearehackerone.com email alias. This is a required step to be eligible for bounty.
- Create an Adobe Account at https://account.adobe.com/ using your HackerOne handle (e.g. @wearehackerone.com)
IMPORTANT – IMS specific out-of-scope:
- Denial-of-service testing is explicitly out of scope. Any DoS testing will likely result in an automatic IP block
- Vulnerabilities related to IMS OAuth are temporarily out of scope due to planned maintenance/upgrades
- For account.adobe.com, "Plans and payment" sections and other settings which are not Identity/IMS related are out-of-scope. Only submissions related to security profile will be accepted (e.g. https://account.adobe.com/security).
#Express Test Plan
Setup Instructions:
- Visit https://new.express.adobe.com/ and select "Continue with Email" option.
- Enter your Adobe account credentials and start testing the app. ( ! Your Adobe account must be registered with your HackerOne email address @wearehackerone.com. This is a required step to be eligible for bounty).
- IMPORTANT: Denial-of-service testing is explicitly out of scope. Any DoS testing will likely result in an automatic IP block. Also, express.adobe.com and express-embed.adobe.com are out-of-scope.
#Behance Test Plan
Setup Instructions:
- Create an Adobe Account at https://net.s2stagehance.com using your HackerOne handle (e.g. @wearehackerone.com)
- When registering an account, please use your HackerOne username @wearehackerone.com email alias. This is a required step to be eligible for bounty.
IMPORTANT:
- Do not test against any additional domains that this site uses for static content, adobelogin.com, etc. Testing against the public production web site (www.behance.net) is also not permitted.
- Any scenario in which a logged-in user is able to access content that is intended to be restricted (blocked) but is publicly accessible will be considered out-of-scope.
- Any vulnerabilities that disclose public information already available on the website via Behance public APIs (v2/users, v2/projects, /v3/graphql, etc.) are considered out of scope.
#Portfolio Test Plan
Setup Instructions:
- Create an Adobe Account at https://net.s2stagehance.com using your HackerOne handle (e.g. @wearehackerone.com) and authenticate using your credentials.
- Once authenticated in the stage environment for Behance, go to https://portfolio.ccpsx.com/ and you will be prompted to continue with your Behance account.
- IMPORTANT: Do not test against any additional domains that this site uses for static content, adobelogin.com, etc. Testing against the public production web site is also not permitted.
Program Exclusions
While we encourage any submission affecting the security of an Adobe web property, unless evidence is provided demonstrating exploitability, the following examples are excluded from this program:
- DoS / resource consumption testing unless it leads to sensitive memory disclosure
- Vulnerabilities in mobile applications relying on the installation of a malicious APK are out-of-scope due to limited real-world exploitability
- Mobile app submissions that require the use of rooted or jailbroken devices will not be accepted
- Mobile app submissions related to OAuth secret leaks are excluded, as the secrets are designed in a way that does not provide any significant access / damage
- Content spoofing and text injection issues without showing an attack vector or without being able to modify HTML/CSS
- Self-XSS [to be valid, cross-site scripting issues must be exploitable via reflected, stored or DOM-based attacks]
- Logout and other instances of low-severity Cross-Site Request Forgery (CSRF)
- Cross-site tracing (XST)
- Open redirects with low security impact (exceptions are those cases where the impact is higher such as stealing OAuth tokens)
- Missing HTTP security headers
- Missing cookie flags on non-sensitive cookies
- Password and account recovery policies, such as reset link expiration or password complexity
- Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM)
- Vulnerabilities only affecting users of outdated or unpatched browsers and platforms
- Missing best practices in SSL/TLS configuration.
- Clickjacking/UI redressing with no practical security impact
- Software version disclosure
- Username / email enumeration via Login Page or Forgot Password Page error messages
- Brute-forcing credentials
- Methods to extend product trial periods.
- Comma Separated Values (CSV) injection without demonstrating a vulnerability.
- Vulnerabilities in custom code developed by merchants / 3rd parties.
- Vulnerabilities in 3rd party extensions or available from the extension market.
- Use of known-vulnerable libraries without proof of exploitation, e.g. OpenSSL.
- Attacks requiring MITM or physical access to a user's device.
- Vulnerabilities that require disabling security features enabled in default configurations.
- Submissions claiming NPM package confusion/takeover should include proof that the system(s) downloading the malicious NPM package belong to Adobe.
- CRX/CRXDE related flaws if you are not able to extract PII information by exploiting this type of AEM misconfiguration
- Subdomain takeover without a working POC to demonstrate the ability to claim the corresponding resource. Also, using an existing POC of somebody else who discovered it previously will result in the report being closed as Not Applicable.
- Reports that only reference data listed on third-party breach or credential-dump services are out of scope and not accepted unless the reporter can demonstrate the exposure originated from a vulnerability in Adobe systems.
- Reports solely based on an LLM generating misleading, or factually incorrect content in response to user prompts are out of scope, unless the behavior demonstrates a clear and reproducible security impact (e.g., unauthorized access, data exposure, or policy bypass).
Program AI Specific Exclusions
General exclusions:
- Prompt Influence Without Backend Impact: Prompting techniques (including system-style or instruction-based prompts) that may influence model responses but do not bypass backend authorization checks, access restricted data, or alter enforced system behavior (e.g. a prompt injection disclosing generic guidelines followed by any model)
- Role Confusion Without Unauthorized Disclosure: Role ambiguity or role-play behavior that does not lead to disclosure of internal system prompts, policies, secrets, credentials, or other non-public information.
- Model Response Deviation Without Security Control Bypass: Divergence, hallucinations, or deviations from expected safety or response behavior that do not bypass security controls, enforcement mechanisms, or trust boundaries.
- LLM Interpretation and Reasoning Limitations: Known limitations in LLMs related to intent inference, semantic understanding, visual interpretation, or trust-boundary assumptions where no exploitability or security impact is demonstrated.
Product specific exclusions:
- Photoshop: Any vulnerabilities associated with the AI Features’ usage limits on the free tier are considered out of scope.
#CVSS Guidelines
The CVSS 3.1 scoring system will be used for assessment and calculation. The Attack Complexity (AC) and Privileges Required (PR) metrics depend on the affected product and environment setup. For most of the CWEs listed below we assume the generic AC:L and PR:N. The following section details those two metrics for a tailored CVSS calculation:
### Attack Complexity (AC):
- Low (L): no special conditions are required for a successful attack beyond what is typical or expected in normal exploitation scenarios
  - No unpredictable factors
  - No non-default product or environment settings
  - No unreliable exploit that fails to succeed every time
- High (H): a successful attack depends on conditions beyond the attacker's control, making the attack less reliable or harder to reproduce
  - Relies on timing or race conditions
  - Exploit only works on non-default configurations
  - IDOR with unpredictable resource identifiers (e.g. /api/invoice/4f2c9b8e-1e49-431d-bf20-0c97eac7a991)
### Privileges Required (PR):
- None (N): unauthenticated endpoints, self sign-up applications, guest role etc.
- Low (L): attacker requires authentication but only minimal user-level access, no special roles or permissions are required
- High (H): attacker holds a high-privilege role such as admin, root, system operator etc.
### Note:
- The following CVSS scores reflect the generic capabilities of the most common CWEs; other CWEs or misconfigurations cannot be standardised because of the unique requirements and impact they may pose.
- Product specifics can also change the CVSS score later, once existing mitigations or limitations that would lower the typical score are understood.
- For multiple vulnerabilities chained together, the final CVSS will reflect the combined highest impact.
## Cross-site Scripting (Reflected XSS) (CWE-79) | Cross-site Scripting (Stored XSS) (CWE-79) | Cross-site Scripting (DOM-based XSS) (CWE-79)
- Regular XSS - no cookie/auth token exfiltration: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
- ATO impact - demonstrates cookie/auth token exfiltration to attacker controlled server: 9.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
## Server-Side Request Forgery (SSRF) (CWE-918)
- No sensitive internal endpoint is accessed: 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
- Sensitive internal endpoint is reached: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
## Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
- No sensitive directory is accessed: 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
- Sensitive directory is accessed: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
## Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
- No sensitive directory is accessed: 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
- Sensitive directory is accessed or SSRF capability: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
- DoS impact using Billion Laughs attack: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
## Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
- Unless there are other limitations in place: 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
## Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
- Unless there are other limitations in place: 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
## Deserialization of Untrusted Data (CWE-502)
- Unless there are other limitations in place: 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
## Use of Hard-coded Credentials (CWE-798) | Use of Default Credentials (CWE-1392)
- C:L - credentials provide access only to test environments or demo data: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
- C:H - credentials can be used to extract sensitive data or PII: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- For additional integrity impact, credentials must grant privileges to alter relevant production data or configurations: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
- For additional availability impact, credentials must grant privileges to destroy relevant production data or configurations: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
## Incorrect Authorization (CWE-863) | Insecure Direct Object Reference (IDOR)
- C:L - able to read unauthorised non-sensitive data (basic metadata, user configurations, email addresses): 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
- C:H - able to access PII, source code, credentials etc: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- I:L - able to modify data in a limited way (changing the status of another user's order): 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
- I:H - user role privilege escalations, change sensitive/PII data, change security configurations, financial integrity impact: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
- A:L - minor, temporary, or recoverable disruptions: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
- A:H - delete critical data, disable user access or important services/features: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
## Cross-Site Request Forgery (CSRF) (CWE-352)
- I:L - changing user profile information, initiating user actions with limited consequences: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
- I:H - modifying critical account details like email or password, changing security settings, performing financial transactions: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
- A:L - initiating account lockout processes, submitting a resource-intensive operation: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
- A:H - causes the victim’s account or service to be deleted, disabled, or suspended: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
## Desktop Memory Corruption Vulnerabilities
- Memory leak impact: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
- Arbitrary code execution impact: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Disclosure
In the interest of fostering coordinated disclosure, Adobe will collaborate with finders in good faith who wish to disclose vulnerabilities. To protect our customers, we expect that finders will wait until a fix has been made available and communicated to impacted customers, or a reasonable period of time has elapsed since notification.
Minors
Minors are welcome to participate in the program by submitting issues for review. However, the Children's Online Privacy Protection Act (COPPA) restricts our ability to collect personal information from children under 13, so minors who are 12 years old or younger must have their parent or legal guardian submit their information in order to claim a bounty.
Ineligible Participants
This program is not open to individuals who reside in Venezuela, Mainland China, Hong Kong, Russia, Belarus, Ukraine, Cuba, Iran, North Korea, Crimea region of Ukraine, Sudan, or Syria.
Terms and Conditions
- Please use your own account for testing or research purposes. Do not attempt to gain access to another user’s account or confidential information.
- Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue may not be marked as triaged.
- Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
- When duplicates occur, we only triage the first report that was received (provided that it can be fully reproduced).
- If either the underlying vulnerability (e.g., XSS) or the resulting impact (e.g., ATO) has already been reported and validated, subsequent reports demonstrating the same vulnerability or materially similar impact chain will be considered duplicates for that component, and only any newly identified element will be eligible for evaluation.
- Multiple vulnerabilities caused by one underlying issue will be treated as one valid report.
- Social engineering (e.g. phishing, vishing, smishing) is prohibited.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
- Please do not test for spam, social engineering, or denial of service issues.
- Please do not engage in any activity that can potentially or actually cause harm to Adobe, our customers, or our employees.
- Do not engage in any activity that violates (a) federal or state laws or regulations or (b) the laws or regulations of any country where (i) data, assets, or systems reside, (ii) data traffic is routed, or (iii) the researcher is conducting research activity.
- Do not store, share, compromise, or destroy Adobe or customer data. If Personally Identifiable Information (PII) is encountered, you should immediately halt your activity, purge related data from your system, and immediately contact Adobe. This step protects any potentially vulnerable data, and you.