Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Use After Free (UAF) vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high privilege context on affected systems. The vulnerability impacts multiple versions across different release branches (24.001.30235, 20.005.30763, 25.001.20521 and earlier), requiring only user interaction to trigger exploitation via malicious PDF files. With a CVSS score of 7.8 and no privilege escalation required, this represents a significant risk to enterprise and consumer users relying on Acrobat Reader for document handling.
Technical ContextAI
The vulnerability exists as a Use After Free (CWE-416) condition within Adobe Acrobat Reader's document parsing or rendering engine. CWE-416 occurs when software references memory that has been previously freed, potentially allowing attackers to execute arbitrary code by controlling freed memory contents through heap spray or similar techniques. The affected versions span multiple product lines (DC 24.x, Classic 20.x, and newer 25.x branches), suggesting the vulnerability exists in a shared code component across Acrobat Reader's rendering or PDF interpretation subsystem. The Local Attack Vector (AV:L) indicates exploitation requires the victim to execute Acrobat Reader locally with a crafted PDF file, while Low Attack Complexity (AC:L) demonstrates the UAF can be reliably triggered without specialized conditions.
RemediationAI
Immediate actions: (1) Patch to latest available versions—Adobe typically releases patches within 30 days of CVE publication; monitor Adobe Security Bulletin APSB-2025 series for official patch releases; (2) For DC 2024: upgrade to version 24.002.x or later when available; for Classic 20.x: upgrade to 20.006.x or later; for DC 2025: upgrade to 25.002.x or later; (3) Interim workarounds pending patching: disable JavaScript execution in Acrobat Reader (Edit > Preferences > JavaScript > uncheck 'Enable Acrobat JavaScript'), restrict PDF file execution to trusted sources only, deploy application whitelisting to prevent Acrobat Reader from executing unsigned code, implement content filtering to block suspicious PDF attachments; (4) Enterprise mitigation: use Adobe Reader DC with enterprise deployment tools to enforce security settings, consider alternative PDF readers (Foxit, SumatraPDF) for non-critical workflows until patched; (5) Monitor Adobe Security Updates page (https://helpx.adobe.com/security.html) for official patch availability and CVSS confirmation.
More in Acrobat Reader Dc
View allAdobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acro
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier ver
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier ver
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier ver
Same weakness CWE-416 – Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17828