Skip to main content

Acrobat Reader CVE-2025-43550

| EUVDEUVD-2025-17826 HIGH
Use After Free (CWE-416)
2025-06-10 psirt@adobe.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17826
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 19:15 nvd
HIGH 7.8

DescriptionCVE.org

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Use After Free vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with user-level privileges when a victim opens a malicious PDF file. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. This vulnerability requires user interaction but presents high severity due to memory corruption leading to code execution, with exploitation probability and active exploitation status dependent on available public exploits.

Technical ContextAI

The vulnerability exploits a Use After Free (CWE-416) condition in Adobe Acrobat Reader's PDF processing engine. CWE-416 occurs when software references memory that has been freed, allowing attackers to manipulate freed memory regions to achieve code execution. In this context, the PDF parsing logic likely frees object references prematurely while other components continue to operate on those memory addresses. When processing maliciously crafted PDF files, an attacker can trigger this race condition or logic flaw to overwrite freed memory with executable code or manipulate object pointers. The vulnerability affects Adobe's core rendering engine used across multiple Acrobat Reader versions (CPE would include cpe:2.3:a:adobe:acrobat_reader:*). The local attack vector (AV:L) indicates the malicious file must be opened locally, typically via email attachment, web download, or file-sharing mechanism.

RemediationAI

Immediate actions: (1) Update Adobe Acrobat Reader to patched versions when released by Adobe; vendors typically issue security updates within 30 days of CVE publication. Monitor Adobe Security Bulletins (adobe.com/security) for official patch availability and version numbers. (2) Interim mitigations while awaiting patches: disable PDF opening in email clients and require users to download and manually open PDFs from trusted sources; disable JavaScript execution within Acrobat Reader (Edit > Preferences > JavaScript > Disable JavaScript); deploy sandboxing or application whitelisting to limit Reader process capabilities; restrict file execution from user-writable directories. (3) Network controls: block suspicious PDF attachments at email gateways using threat intelligence signatures once public exploits emerge; monitor for suspicious Acrobat Reader process behavior (memory corruption attempts, unusual child process spawning). (4) Enterprise: prioritize patching for versions 24.x and 25.x (current release lines) first, then address legacy 20.x installations. Establish a baseline for Acrobat Reader version compliance and deploy patches via existing software distribution mechanisms (WSUS, Jamf, Linux package managers).

CVE-2013-2730 CRITICAL POC
10.0 May 16

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attacke

CVE-2015-3073 CRITICAL POC
10.0 May 13

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass inten

CVE-2014-9160 CRITICAL
10.0 May 13

Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows

CVE-2013-3356 CRITICAL
10.0 Sep 12

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke

CVE-2013-3353 CRITICAL
10.0 Sep 12

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke

CVE-2013-3351 CRITICAL
10.0 Sep 12

Multiple stack-based buffer overflows in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and M

CVE-2015-7622 CRITICAL POC
10.0 Oct 14

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.

CVE-2013-3358 CRITICAL
10.0 Sep 12

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack

CVE-2013-3357 CRITICAL
10.0 Sep 12

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack

CVE-2014-0561 CRITICAL
10.0 Sep 17

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X a

CVE-2012-0774 CRITICAL
10.0 Apr 10

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitra

CVE-2012-1525 CRITICAL
10.0 Aug 15

Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X a

Share

CVE-2025-43550 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy