CVE-2025-43573

EUVD-2025-17828 HIGH
2025-06-10 [email protected]
7.8
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17828
CVE Published
Jun 10, 2025 - 19:15 nvd
HIGH 7.8

Description

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Analysis

Use After Free (UAF) vulnerability in Adobe Acrobat Reader that enables arbitrary code execution in the context of the current user on affected systems. The vulnerability impacts multiple versions across different release branches (24.001.30235, 20.005.30763, 25.001.20521 and earlier) and requires only user interaction (opening a malicious PDF file) to trigger. With a CVSS score of 7.8 and no privileges required (PR:N), this represents a significant risk to enterprise and consumer users relying on Acrobat Reader for document handling.

Technical Context

The vulnerability exists as a Use After Free (CWE-416) condition within Adobe Acrobat Reader's document parsing or rendering engine. CWE-416 occurs when software dereferences memory that has already been freed; if an attacker can influence what the allocator places in that freed region (for example through heap grooming), the stale reference can be turned into arbitrary code execution. The affected versions span multiple product lines (DC 24.x, Classic 20.x, and newer 25.x branches), suggesting the vulnerability lies in a shared code component of Acrobat Reader's rendering or PDF interpretation subsystem. The Local Attack Vector (AV:L) indicates exploitation requires the victim to open a crafted PDF file in Acrobat Reader, while Low Attack Complexity (AC:L) indicates the UAF can be triggered reliably without specialized conditions.
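The following is an added illustration of the CWE-416 pattern described above and of one mitigation a parser or renderer can apply; it is hypothetical code written for this entry, not Adobe's code, and says nothing about where the actual defect in Acrobat Reader lies. The "resource" object and the handle table are constructed stand-ins. The unsafe function keeps a raw pointer to an object its owner has freed; the safe version hands out handles that carry a generation counter, so a reference that outlives its object is rejected at lookup instead of being dereferenced.

```c
/* Added example: dangling raw pointer (CWE-416) versus a handle table
 * with generation counters. Hypothetical code, not from Adobe. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RESOURCES 8

/* Constructed stand-in for a parsed PDF object (font, image, ...). */
typedef struct {
    char name[32];
    int  width;
} resource_t;

/* A handle carries the slot index plus the slot's generation at the
 * time it was issued; every release bumps the generation. */
typedef struct {
    uint32_t slot;
    uint32_t gen;
} handle_t;

typedef struct {
    resource_t *ptr;   /* NULL when the slot is free */
    uint32_t    gen;   /* incremented on each release */
} slot_t;

static slot_t table[MAX_RESOURCES];

handle_t resource_create(const char *name, int width) {
    handle_t none = {UINT32_MAX, 0};
    for (uint32_t i = 0; i < MAX_RESOURCES; i++) {
        if (table[i].ptr == NULL) {
            resource_t *r = calloc(1, sizeof *r);
            if (r == NULL) return none;
            strncpy(r->name, name, sizeof r->name - 1);
            r->width = width;
            table[i].ptr = r;
            handle_t h = {i, table[i].gen};
            return h;
        }
    }
    return none;  /* table full */
}

/* Resolve a handle; NULL if the slot was released (or reused) since the
 * handle was issued, because the generation no longer matches. */
resource_t *resource_get(handle_t h) {
    if (h.slot >= MAX_RESOURCES) return NULL;
    slot_t *s = &table[h.slot];
    if (s->ptr == NULL || s->gen != h.gen) return NULL;
    return s->ptr;
}

/* Returns 1 on success, 0 if the handle is already stale (a double
 * release is rejected the same way as any other stale use). */
int resource_release(handle_t h) {
    resource_t *r = resource_get(h);
    if (r == NULL) return 0;
    free(r);
    table[h.slot].ptr = NULL;
    table[h.slot].gen++;   /* invalidates every outstanding handle */
    return 1;
}

/* Unsafe pattern, shown for contrast only and never called: a renderer
 * cached a raw pointer and keeps using it after the owner freed the
 * object. Reading freed memory is undefined behaviour (CWE-416). */
int render_width_unsafe(resource_t *cached, handle_t owner) {
    resource_release(owner);   /* object is gone ... */
    return cached->width;      /* ... but the stale pointer is still read */
}

/* Safe pattern: re-resolve the handle at every use; -1 means stale. */
int render_width_safe(handle_t h) {
    resource_t *r = resource_get(h);
    return r ? r->width : -1;
}

int main(void) {
    handle_t h = resource_create("font-glyphs", 640);
    printf("before release: %d\n", render_width_safe(h));
    resource_release(h);
    printf("after release:  %d\n", render_width_safe(h));
    /* Reusing the slot issues a new generation; the old handle still fails. */
    handle_t h2 = resource_create("image-xobject", 800);
    printf("old handle after slot reuse: %d, new handle: %d\n",
           render_width_safe(h), render_width_safe(h2));
    resource_release(h2);
    return 0;
}
```

The generation check is what distinguishes this from simply nulling a pointer after free: even when the freed slot is immediately reused by a new object, a handle issued for the old object still fails to resolve, which is exactly the situation a heap-grooming attack relies on.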

Affected Products

Adobe Acrobat Reader affected versions include: (1) DC 2024 branch: version 24.001.30235 and earlier; (2) Classic/Continuous Release 2020 branch: version 20.005.30763 and earlier; (3) DC 2025 branch: version 25.001.20521 and earlier. CPE identifiers would typically follow: cpe:2.3:a:adobe:acrobat_reader_dc:24.001.30235:*:*:*:*:*:*:* and equivalent patterns for 20.x and 25.x branches. All platforms (Windows, macOS, Linux) running these versions are affected. Enterprise deployments using Acrobat Reader for document workflows, healthcare organizations processing PDFs, financial services, and legal firms managing contracts are all in scope.

Remediation

Immediate actions:
(1) Patch to the latest available versions. Adobe typically releases patches within 30 days of CVE publication; monitor the Adobe Security Bulletin APSB-2025 series for official patch releases.
(2) For DC 2024: upgrade to version 24.002.x or later when available; for Classic 20.x: upgrade to 20.006.x or later; for DC 2025: upgrade to 25.002.x or later.
(3) Interim workarounds pending patching: disable JavaScript execution in Acrobat Reader (Edit > Preferences > JavaScript > uncheck 'Enable Acrobat JavaScript'), restrict PDF file execution to trusted sources only, deploy application whitelisting to prevent Acrobat Reader from executing unsigned code, and implement content filtering to block suspicious PDF attachments.
(4) Enterprise mitigation: use Adobe Reader DC with enterprise deployment tools to enforce security settings, and consider alternative PDF readers (Foxit, SumatraPDF) for non-critical workflows until patched.
(5) Monitor the Adobe Security Updates page (https://helpx.adobe.com/security.html) for official patch availability and CVSS confirmation.

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +39
POC: 0


CVE-2025-43573 vulnerability details – vuln.today
