Skip to main content

Acrobat Dc CVE-2025-43575

| EUVDEUVD-2025-17824 HIGH
Out-of-bounds Write (CWE-787)
2025-06-10 psirt@adobe.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17824
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 19:15 nvd
HIGH 7.8

DescriptionCVE.org

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

CVE-2025-43575 is an out-of-bounds write vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high integrity and confidentiality impact. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. Exploitation requires user interaction (opening a malicious PDF), but once triggered, allows code execution in the context of the current user with no privilege elevation needed.

Technical ContextAI

The vulnerability exists in Adobe Acrobat Reader's PDF parsing engine, specifically in memory handling functions that process embedded objects or content streams without proper bounds checking. CWE-787 (Out-of-bounds Write) indicates that the application writes data beyond the allocated buffer boundaries, potentially overwriting adjacent memory regions including the heap or stack. This occurs during PDF file parsing, affecting multiple versions across the 20.x, 24.x, and 25.x release branches (CPE patterns: cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*). The vulnerability is triggered through specially crafted PDF documents that exploit improper validation of object sizes or stream lengths during document rendering or processing.

RemediationAI

Patching: Update Adobe Acrobat Reader to versions newer than the affected releases: upgrade to 25.001.20522 or later, 24.001.30236 or later, or 20.005.30764 or later depending on deployment track.; priority: High Vendor Advisory: Consult Adobe Security Bulletin APSB25-XX (assumed numbering) for official patch availability and deployment guidance. Register affected systems with Adobe for vulnerability notifications.; priority: High Workaround (Temporary): Disable automatic PDF opening in email clients and web browsers; require manual user confirmation before opening PDFs from untrusted sources. Use sandbox or isolated environments for opening untrusted documents.; priority: Medium Detection & Monitoring: Monitor endpoint logs for abnormal Acrobat Reader process behavior (child process creation, network connections, memory access violations). Use host-based intrusion detection to flag PDF files with embedded executable content or suspicious object streams.; priority: Medium

CVE-2016-4203 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2015-7622 CRITICAL POC
10.0 Oct 14

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.

CVE-2016-4208 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-4207 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-4206 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-4205 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-4204 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-4201 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-1077 CRITICAL POC
9.8 May 11

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acro

CVE-2017-16385 HIGH
8.8 Dec 09

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier ver

CVE-2017-16396 HIGH
8.8 Dec 09

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier ver

CVE-2017-16395 HIGH
8.8 Dec 09

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier ver

Share

CVE-2025-43575 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy