CVE-2025-64785

EUVD-2025-202307

09.12.2025, 21:15

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
adobe	CNA	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
adobe	acrobat	20.001.3005 ≤ 𝑥 < 20.005.30838
adobe	acrobat_dc	𝑥 < 25.001.20997
adobe	acrobat_reader	20.001.3005 ≤ 𝑥 < 20.005.30838
adobe	acrobat_reader_dc	𝑥 < 25.001.20997
adobe	acrobat	24.001.20604 ≤ 𝑥 < 24.001.30307
adobe	acrobat	24.001.20604 ≤ 𝑥 < 24.001.30308

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-426 - Untrusted Search Path
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

References

https://helpx.adobe.com/security/products/acrobat/apsb25-119.html