What is the CVSS score of CVE-2025-54255?

CVE-2025-54255 has a CVSS 3.1 base score of 4.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Acrobat are affected by CVE-2025-54255?

CVE-2025-54255 presents moderate security risk rated CVSS 4.0. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-54255?

During next maintenance window: Identify affected systems and apply vendor patches when convenient. Monitor vendor channels for patch availability.

Acrobat CVE-2025-54255

MEDIUM

Violation of Secure Design Principles (CWE-657)

2025-09-09 psirt@adobe.com

Authentication Bypass Adobe Acrobat Acrobat Dc Acrobat Reader Acrobat Reader Dc

4.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:11 vuln.today

CVE Published

Sep 09, 2025 - 20:15 nvd

MEDIUM 4.0

DescriptionNVD

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.

AnalysisAI

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-657. Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged. Affected products include: Adobe Acrobat, Adobe Acrobat Dc, Adobe Acrobat Reader Dc, Adobe Acrobat Reader.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-54255 vulnerability details – vuln.today

Back

Acrobat CVE-2025-54255

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code