CVE-2025-64899

EUVD-2025-202306

09.12.2025, 21:15

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
adobe	CNA	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
adobe	acrobat	20.001.3005 ≤ 𝑥 < 20.005.30838
adobe	acrobat_dc	𝑥 < 25.001.20997
adobe	acrobat_reader	20.001.3005 ≤ 𝑥 < 20.005.30838
adobe	acrobat_reader_dc	𝑥 < 25.001.20997
adobe	acrobat	24.001.20604 ≤ 𝑥 < 24.001.30307
adobe	acrobat	24.001.20604 ≤ 𝑥 < 24.001.30308

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://helpx.adobe.com/security/products/acrobat/apsb25-119.html