CVE-2025-43574

EUVD-2025-17822 | HIGH 7.8 (CVSS 3.1)
2025-06-10 [email protected]

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 19:49 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 19:49 (euvd), EUVD-2025-17822
CVE Published: Jun 10, 2025 - 19:15 (nvd), HIGH 7.8

Description

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Analysis

A Use After Free (UAF) vulnerability in Adobe Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier enables arbitrary code execution with the privileges of the current user. Exploitation requires user interaction (the victim must open a malicious PDF file), but the CVSS score is still a high 7.8 because of the severity of the potential code execution impact. With no confirmed KEV listing and no public POC data provided, this is a significant vulnerability that is not yet a confirmed active threat.

Technical Context

This vulnerability is a Use After Free (CWE-416) condition within Adobe Acrobat Reader's PDF parsing or rendering engine. UAF vulnerabilities occur when a program references memory after it has been freed, which lets an attacker influence the contents of that memory and achieve code execution. In the context of Acrobat Reader, a maliciously crafted PDF file can trigger premature deallocation of a critical object during document processing, and subsequent operations on the freed pointer enable arbitrary code execution. The affected CPE range spans multiple major versions (20.x, 24.x, 25.x), indicating a longstanding vulnerability potentially present across different code branches. The requirement for user interaction (opening a file) limits real-world risk but does not eliminate it.

Affected Products

Adobe Acrobat Reader:
- 25.001.20521 and earlier (2025 release branch)
- 24.001.30235 and earlier (2024 release branch)
- 20.005.30763 and earlier (2020 release branch)

Priority Score

39
KEV: 0
EPSS: +0.1
CVSS: +39
POC: 0
