CVE-2025-54255

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
adobeCNA
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
adobeacrobat
24.0.0 ≤
𝑥
< 24.001.30264
adobeacrobat_dc
15.008.20082 ≤
𝑥
< 25.001.20693
adobeacrobat_reader_dc
15.008.20082 ≤
𝑥
< 25.001.20693
adobeacrobat
20.001.30002 ≤
𝑥
< 20.005.30793
adobeacrobat_reader
20.001.30002 ≤
𝑥
< 20.005.30791
adobeacrobat
20.001.30002 ≤
𝑥
< 20.005.30791
adobeacrobat_reader
20.001.30002 ≤
𝑥
< 20.005.30791
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://helpx.adobe.com/security/products/acrobat/apsb25-85.html