Acrobat CVE-2025-43575

EUVD-2025-17824 | HIGH | CVSS 3.1: 7.8
Out-of-bounds Write (CWE-787)
2025-06-10 psirt@adobe.com
CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 19:49 (euvd), EUVD-2025-17824
Analysis Generated: Mar 14, 2026 - 19:49 (vuln.today)
CVE Published: Jun 10, 2025 - 19:15 (nvd), HIGH 7.8

Description (NVD)

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Analysis (AI)

CVE-2025-43575 is an out-of-bounds write vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high integrity and confidentiality impact. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. Exploitation requires user interaction (opening a malicious PDF), but once triggered, allows code execution in the context of the current user with no privilege elevation needed.

Technical Context (AI)

The vulnerability exists in Adobe Acrobat Reader's PDF parsing engine, specifically in memory handling functions that process embedded objects or content streams without proper bounds checking. CWE-787 (Out-of-bounds Write) indicates that the application writes data beyond the allocated buffer boundaries, potentially overwriting adjacent memory regions including the heap or stack. This occurs during PDF file parsing, affecting multiple versions across the 20.x, 24.x, and 25.x release branches (CPE patterns: cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*). The vulnerability is triggered through specially crafted PDF documents that exploit improper validation of object sizes or stream lengths during document rendering or processing.

Remediation (AI)

Patching (priority: High): Update Adobe Acrobat Reader to versions newer than the affected releases: upgrade to 25.001.20522 or later, 24.001.30236 or later, or 20.005.30764 or later depending on deployment track.

Vendor Advisory (priority: High): Consult Adobe Security Bulletin APSB25-XX (assumed numbering) for official patch availability and deployment guidance. Register affected systems with Adobe for vulnerability notifications.

Workaround, temporary (priority: Medium): Disable automatic PDF opening in email clients and web browsers; require manual user confirmation before opening PDFs from untrusted sources. Use sandbox or isolated environments for opening untrusted documents.

Detection & Monitoring (priority: Medium): Monitor endpoint logs for abnormal Acrobat Reader process behavior (child process creation, network connections, memory access violations). Use host-based intrusion detection to flag PDF files with embedded executable content or suspicious object streams.