What is the CVSS score of CVE-2025-43577?

CVE-2025-43577 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Acrobat are affected by CVE-2025-43577?

Adobe Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier contain a critical vulnerability allowing attackers to execute arbitrary code on user systems through malicious PDF…

How to fix or mitigate CVE-2025-43577?

Within 24 hours: Inventory all Acrobat Reader installations across the organization and identify affected versions; issue user awareness alert warning against opening PDFs from untrusted sources. Within 7 days: Disable Acrobat Reader as the default PDF handler where feasible and redirect users to alternative PDF viewers (e.g., Microsoft Edge, Chrome); implement email gateway rules to block suspicious PDF attachments from external senders. Within 30 days: Monitor Adobe security channels daily for patch release; prepare and test patch deployment procedures; once available, prioritize patching all affected systems within 48 hours of vendor release.

Acrobat CVE-2025-43577

EUVD-2025-17827 HIGH

Use After Free (CWE-416)

2025-06-10 psirt@adobe.com

RCE Use After Free Adobe Acrobat Acrobat Dc Acrobat Reader Acrobat Reader Dc

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17827

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

CVE Published

Jun 10, 2025 - 19:15 nvd

HIGH 7.8

DescriptionNVD

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Use After Free (UAF) vulnerability in Adobe Acrobat Reader that allows arbitrary code execution with the privileges of the current user. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple release tracks. Exploitation requires user interaction (opening a malicious PDF file), but the high CVSS score of 7.8 and local attack vector indicate significant real-world risk; KEV and active exploitation status should be confirmed from official sources.

Technical ContextAI

This vulnerability is classified as CWE-416 (Use After Free), a memory safety issue where the application continues to reference memory that has been freed by the program. In Adobe Acrobat Reader's PDF parsing engine, this likely occurs during the processing of maliciously crafted PDF objects or embedded content (JavaScript, media, form fields). The UAF condition allows an attacker to overwrite freed memory with controlled data, achieving arbitrary code execution in the context of the Reader process. Affected CPE ranges include Adobe Acrobat Reader DC and continuous release tracks (versions 24.x, 25.x, and legacy 20.x branches), suggesting the vulnerability spans multiple code paths across different maintenance versions and may involve shared PDF processing libraries.

RemediationAI

Immediate actions: (1) Update Adobe Acrobat Reader to versions NEWER than 24.001.30235 (likely 24.002.x or later), newer than 25.001.20521 (likely 25.002.x or later), or newer than 20.005.30763 (if applicable). Check Adobe's official security update page for specific patch versions released after this CVE announcement. (2) Enable automatic updates in Acrobat Reader preferences (Edit > Preferences > Security > Check for Updates). (3) Interim mitigations if immediate patching is not feasible: disable JavaScript execution in PDF files (Edit > Preferences > Security > Enhanced Security), restrict file associations for PDF files to prevent automatic opening, and implement email filtering to block suspicious PDF attachments. (4) User education: advise users to be cautious opening PDF files from untrusted sources, especially unexpected email attachments. (5) Endpoint detection: deploy behavioral monitoring for abnormal process execution spawned from Reader processes (parent: AdobeReader.exe/acroread).

CVE-2025-43577 vulnerability details – vuln.today

Back

Acrobat CVE-2025-43577

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code