Acrobat
Monthly
Arbitrary code execution in Adobe Acrobat and Acrobat Reader versions 24.001.30307 and earlier stems from a use-after-free memory vulnerability triggered when users open specially crafted files. An attacker can achieve code execution with the privileges of the current user, though exploitation requires victim interaction. No patch is currently available for affected versions.
Improper certificate validation in Adobe Acrobat Reader DC versions 24.001.30307 and earlier allows local attackers to forge digital signatures by spoofing signer identity, bypassing security features that users rely on for document verification. This attack requires user interaction and affects multiple Adobe products including Acrobat DC. No patch is currently available.
Arbitrary code execution in Adobe Acrobat Reader and Acrobat (versions 24.001.30307 and earlier) via a use-after-free vulnerability requires victims to open a malicious file. Local attackers can exploit this to execute code with the privileges of the current user. No patch is currently available.
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader that allows arbitrary code execution with the privileges of the current user. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple release tracks. Exploitation requires user interaction (opening a malicious PDF file), but the high CVSS score of 7.8 and local attack vector indicate significant real-world risk; KEV and active exploitation status should be confirmed from official sources.
A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
CVE-2025-43575 is an out-of-bounds write vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high integrity and confidentiality impact. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. Exploitation requires user interaction (opening a malicious PDF), but once triggered, allows code execution in the context of the current user with no privilege elevation needed.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader affecting versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier that enables arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious PDF file) but has a high CVSS score of 7.8 due to the severity of potential code execution impact. Without confirmed KEV listing or public POC data provided, this represents a significant but not yet confirmed active threat.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high privilege context on affected systems. The vulnerability impacts multiple versions across different release branches (24.001.30235, 20.005.30763, 25.001.20521 and earlier), requiring only user interaction to trigger exploitation via malicious PDF files. With a CVSS score of 7.8 and no privilege escalation required, this represents a significant risk to enterprise and consumer users relying on Acrobat Reader for document handling.
Use After Free vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with user-level privileges when a victim opens a malicious PDF file. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. This vulnerability requires user interaction but presents high severity due to memory corruption leading to code execution, with exploitation probability and active exploitation status dependent on available public exploits.
Arbitrary code execution in Adobe Acrobat and Acrobat Reader versions 24.001.30307 and earlier stems from a use-after-free memory vulnerability triggered when users open specially crafted files. An attacker can achieve code execution with the privileges of the current user, though exploitation requires victim interaction. No patch is currently available for affected versions.
Improper certificate validation in Adobe Acrobat Reader DC versions 24.001.30307 and earlier allows local attackers to forge digital signatures by spoofing signer identity, bypassing security features that users rely on for document verification. This attack requires user interaction and affects multiple Adobe products including Acrobat DC. No patch is currently available.
Arbitrary code execution in Adobe Acrobat Reader and Acrobat (versions 24.001.30307 and earlier) via a use-after-free vulnerability requires victims to open a malicious file. Local attackers can exploit this to execute code with the privileges of the current user. No patch is currently available.
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader that allows arbitrary code execution with the privileges of the current user. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple release tracks. Exploitation requires user interaction (opening a malicious PDF file), but the high CVSS score of 7.8 and local attack vector indicate significant real-world risk; KEV and active exploitation status should be confirmed from official sources.
A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
CVE-2025-43575 is an out-of-bounds write vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high integrity and confidentiality impact. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. Exploitation requires user interaction (opening a malicious PDF), but once triggered, allows code execution in the context of the current user with no privilege elevation needed.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader affecting versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier that enables arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious PDF file) but has a high CVSS score of 7.8 due to the severity of potential code execution impact. Without confirmed KEV listing or public POC data provided, this represents a significant but not yet confirmed active threat.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high privilege context on affected systems. The vulnerability impacts multiple versions across different release branches (24.001.30235, 20.005.30763, 25.001.20521 and earlier), requiring only user interaction to trigger exploitation via malicious PDF files. With a CVSS score of 7.8 and no privilege escalation required, this represents a significant risk to enterprise and consumer users relying on Acrobat Reader for document handling.
Use After Free vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with user-level privileges when a victim opens a malicious PDF file. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. This vulnerability requires user interaction but presents high severity due to memory corruption leading to code execution, with exploitation probability and active exploitation status dependent on available public exploits.