SecuriTricks - CVE-2025-64899

Description

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product(s) Impacted

Vendor	Product	Versions
Adobe	Acrobat Reader	24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	adobe	acrobat_reader	24.001.30264	/	/	/	/	/	/	/
a	adobe	acrobat_reader	20.005.30793	/	/	/	/	/	/	/
a	adobe	acrobat_reader	25.001.20982	/	/	/	/	/	/	/
a	adobe	acrobat_reader	24.001.30273	/	/	/	/	/	/	/
a	adobe	acrobat_reader	20.005.30803	/	/	/	/	/	/	/

References

https://helpx.adobe.com/security/products/acrobat/apsb25-119.html

CVSS Score

7.8 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Dec. 9, 2025, 9:15 p.m.
Last Modified: Dec. 9, 2025, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@adobe.com

CVE-2025-64899