Skip to main content

Adobe Acrobat Reader CVE-2025-64786

LOW
Improper Verification of Cryptographic Signature (CWE-347)
2025-12-09 psirt@adobe.com
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Apr 28, 2026 - 03:30 vuln.today

DescriptionCVE.org

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.

AnalysisAI

Improper verification of cryptographic signatures in Adobe Acrobat Reader and Acrobat DC versions up to 24.001.30273, 25.001.20982, and 20.005.30803 allows local attackers to bypass security features and gain limited unauthorized write access to PDF documents. Exploitation requires user interaction with a malicious or specially crafted cryptographic signature embedded in a PDF file. No active exploitation has been confirmed at the time of analysis.

Technical ContextAI

The vulnerability stems from inadequate validation of cryptographic signatures (CWE-347: Improper Verification of Cryptographic Signature) within Adobe's PDF signature verification subsystem. PDFs employ digital signatures to authenticate document origin and integrity; this flaw allows an attacker to craft a signature that fails proper cryptographic verification but is incorrectly accepted by the application. The affected products span Adobe Acrobat (classic track), Acrobat DC (continuous track), Acrobat Reader (classic track), and Acrobat Reader DC (continuous track), as identified by the CPE strings. The signature verification bypass enables unauthorized modification of PDF content despite the presence of a signature field, undermining the document authentication mechanism.

RemediationAI

Apply the security patch released by Adobe in bulletin APSB25-119 immediately. The exact patched versions depend on the product track: for classic track Acrobat and Reader, upgrade to versions after 24.001.30273 or 25.001.20982 (consult APSB25-119 for exact patched version numbers); for continuous track Acrobat DC and Reader DC, update to the latest release. As an interim compensating control, organizations should disable signature verification features if the functionality is not critical to workflows, though this may reduce document authenticity assurance. Users should also avoid opening PDF files from untrusted sources and disable the automatic signature validation prompt to prevent user interaction with malicious signatures. These mitigations reduce functionality and are temporary; patch deployment is the definitive fix. Refer to https://helpx.adobe.com/security/products/acrobat/apsb25-119.html for specific version numbers and deployment guidance.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2025-64786 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy