Skip to main content

Adobe Acrobat Reader CVE-2025-64787

LOW
Improper Verification of Cryptographic Signature (CWE-347)
2025-12-09 psirt@adobe.com
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Apr 28, 2026 - 03:30 vuln.today

DescriptionCVE.org

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.

AnalysisAI

Improper verification of cryptographic signatures in Adobe Acrobat Reader versions up to 24.001.30264, 20.005.30803, and 25.001.20982 allows local attackers to bypass cryptographic protections and gain limited unauthorized write access to PDF documents. The vulnerability requires user interaction with a malicious or crafted PDF containing an improperly signed element. With a CVSS score of 3.3 and local attack vector, this represents a low-severity security feature bypass affecting document integrity verification.

Technical ContextAI

This vulnerability stems from improper implementation of cryptographic signature verification (CWE-347) in Adobe's PDF signature validation mechanism. PDF signatures are a core security feature that authenticate document origin and detect tampering. The flaw allows an attacker to craft a PDF with a signature that fails proper cryptographic validation but is still accepted by the application, enabling unauthorized modification of signed documents. The affected products span both classic and continuous release tracks across Acrobat and Acrobat Reader product lines (CPE: adobe:acrobat*, adobe:acrobat_dc, adobe:acrobat_reader*, adobe:acrobat_reader_dc), indicating a platform-wide signature handling defect.

RemediationAI

Update Adobe Acrobat Reader to the patched versions released in APSB25-119 (versions newer than 24.001.30264, 20.005.30803, or 25.001.20982 depending on your track). Users on the classic release track should update to the next available version after their current track's affected version; continuous users should update to the latest Acrobat DC continuous release. No workarounds are available to disable signature verification without compromising document authenticity workflows. As a compensating control, restrict opening untrusted PDF documents from external sources, and educate users not to accept signature warnings or dialogs that appear unusual. Organizations should verify the legitimacy of document signatures through out-of-band channels when critical documents are involved. The patch availability has been confirmed by Adobe via APSB25-119 advisory at https://helpx.adobe.com/security/products/acrobat/apsb25-119.html.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2025-64787 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy