Refine your search
452 vulnerabilities found for Acrobat Reader by Adobe
CERTFR-2026-AVI-0438
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 26.001.21431 sur Windows et macOS | ||
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30365 sur Windows et macOS | ||
| Adobe | ColdFusion | ColdFusion 2023 versions antérieures à Update 19 | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 26.001.21431 sur Windows et macOS | ||
| Adobe | ColdFusion | ColdFusion 2025 versions antérieures à Update 7 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 26.001.21431 sur Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30365 sur Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2023 versions ant\u00e9rieures \u00e0 Update 19",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 26.001.21431 sur Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2025 versions ant\u00e9rieures \u00e0 Update 7",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-27308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27308"
},
{
"name": "CVE-2026-27307",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27307"
},
{
"name": "CVE-2026-34619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34619"
},
{
"name": "CVE-2026-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27282"
},
{
"name": "CVE-2026-34622",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34622"
},
{
"name": "CVE-2026-34626",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34626"
},
{
"name": "CVE-2026-27305",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27305"
},
{
"name": "CVE-2026-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27306"
},
{
"name": "CVE-2026-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27304"
}
],
"initial_release_date": "2026-04-15T00:00:00",
"last_revision_date": "2026-04-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0438",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB26-38",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB26-44",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-44.html"
}
]
}
CERTFR-2026-AVI-0429
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Adobe Acrobat. Elle permet à un attaquant de provoquer une exécution de code arbitraire.
Adobe indique que la vulnérabilité CVE-2026-34621 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30360 sur macOS | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 26.001.21411 sur Windows et macOS | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 26.001.21411 sur Windows et macOS | ||
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30362 sur Windows |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30360 sur macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 26.001.21411 sur Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 26.001.21411 sur Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30362 sur Windows",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-34621",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34621"
}
],
"initial_release_date": "2026-04-13T00:00:00",
"last_revision_date": "2026-04-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0429",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Adobe Acrobat. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire.\n\nAdobe indique que la vuln\u00e9rabilit\u00e9 CVE-2026-34621 est activement exploit\u00e9e.",
"title": "Vuln\u00e9rabilit\u00e9 dans Adobe Acrobat",
"vendor_advisories": [
{
"published_at": "2026-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB26-43",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-43.html"
}
]
}
CERTFR-2026-AVI-0264
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30356 pour Windows et macOS | ||
| Adobe | Commerce | Commerce versions 2.4.8 antérieures à 4.2.8-p4 | ||
| Adobe | Commerce | Commerce versions 2.4.6 antérieures à 4.2.6-p14 | ||
| Adobe | Commerce | Commerce versions 2.4.9 antérieures à 4.2.9-beta1 | ||
| Adobe | Commerce | Commerce versions 2.4.7 antérieures à 4.2.7-p9 | ||
| Adobe | Commerce | Commerce versions 2.4.4 antérieures à 4.2.4-p17 | ||
| Adobe | Magento | Magento Open Source versions 2.4.6 antérieures à 2.4.6-p14 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7 antérieures à 2.4.7-p9 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5 antérieures à 2.4.5-p16 | ||
| Adobe | Commerce | Commerce B2B versions 1.5.3 antérieures à 1.5.3-beta1 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.5 antérieures à 1.3.5-p14 | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 25.001.21288 pour Windows et macOS | ||
| Adobe | Magento | Magento Open Source versions 2.4.9 antérieures à 2.4.9-beta1 | ||
| Adobe | Commerce | Commerce B2B versions 1.5.2 antérieures à 1.5.2-p4 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.3 antérieures à 1.3.3-p17 | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 25.001.21288 pour Windows et macOS | ||
| Adobe | Commerce | Commerce versions 2.4.5 antérieures à 4.2.5-p16 | ||
| Adobe | Magento | Magento Open Source versions 2.4.8 antérieures à 2.4.8-p4 | ||
| Adobe | Commerce | Commerce B2B versions 1.4.2 antérieures à 1.4.2-p9 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.4 antérieures à 1.3.4-p16 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30356 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": " Commerce versions 2.4.8 ant\u00e9rieures \u00e0 4.2.8-p4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": " Commerce versions 2.4.6 ant\u00e9rieures \u00e0 4.2.6-p14",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": " Commerce versions 2.4.9 ant\u00e9rieures \u00e0 4.2.9-beta1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": " Commerce versions 2.4.7 ant\u00e9rieures \u00e0 4.2.7-p9",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": " Commerce versions 2.4.4 ant\u00e9rieures \u00e0 4.2.4-p17",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6 ant\u00e9rieures \u00e0 2.4.6-p14",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7 ant\u00e9rieures \u00e0 2.4.7-p9",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5 ant\u00e9rieures \u00e0 2.4.5-p16",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.5.3 ant\u00e9rieures \u00e0 1.5.3-beta1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.5 ant\u00e9rieures \u00e0 1.3.5-p14",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 25.001.21288 pour Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.9 ant\u00e9rieures \u00e0 2.4.9-beta1",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.5.2 ant\u00e9rieures \u00e0 1.5.2-p4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.3 ant\u00e9rieures \u00e0 1.3.3-p17",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 25.001.21288 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": " Commerce versions 2.4.5 ant\u00e9rieures \u00e0 4.2.5-p16",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.8 ant\u00e9rieures \u00e0 2.4.8-p4",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.4.2 ant\u00e9rieures \u00e0 1.4.2-p9",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.4 ant\u00e9rieures \u00e0 1.3.4-p16",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27220"
},
{
"name": "CVE-2026-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27221"
},
{
"name": "CVE-2026-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21295"
},
{
"name": "CVE-2026-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21360"
},
{
"name": "CVE-2026-27278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27278"
},
{
"name": "CVE-2026-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21291"
},
{
"name": "CVE-2026-21311",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21311"
},
{
"name": "CVE-2026-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21293"
},
{
"name": "CVE-2026-21292",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21292"
},
{
"name": "CVE-2026-21359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21359"
},
{
"name": "CVE-2026-21361",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21361"
},
{
"name": "CVE-2026-21285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21285"
},
{
"name": "CVE-2026-21310",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21310"
},
{
"name": "CVE-2026-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21294"
},
{
"name": "CVE-2026-21286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21286"
},
{
"name": "CVE-2026-21284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21284"
},
{
"name": "CVE-2026-21289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21289"
},
{
"name": "CVE-2026-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21282"
},
{
"name": "CVE-2026-21297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21297"
},
{
"name": "CVE-2026-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21296"
},
{
"name": "CVE-2026-21309",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21309"
},
{
"name": "CVE-2026-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21290"
}
],
"initial_release_date": "2026-03-11T00:00:00",
"last_revision_date": "2026-03-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0264",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB26-05",
"url": "https://helpx.adobe.com/security/products/magento/apsb26-05.html"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB26-26",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
}
]
}
CERTFR-2025-AVI-1085
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30838 pour Windows et macOS | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30838 pour Windows et macOS | ||
| Adobe | ColdFusion | ColdFusion 2023 versions antérieures à Update 17 | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 25.001.20997 pour Windows et macOS | ||
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30308 pour macOS | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 25.001.20997 pour Windows et macOS | ||
| Adobe | ColdFusion | ColdFusion 2021 versions antérieures à Update 23 | ||
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30307 pour Windows | ||
| Adobe | ColdFusion | ColdFusion 2025 versions antérieures à Update 5 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30838 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30838 pour Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2023 versions ant\u00e9rieures \u00e0 Update 17",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 25.001.20997 pour Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30308 pour macOS ",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 25.001.20997 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2021 versions ant\u00e9rieures \u00e0 Update 23",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30307 pour Windows ",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2025 versions ant\u00e9rieures \u00e0 Update 5",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-64785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64785"
},
{
"name": "CVE-2025-64898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64898"
},
{
"name": "CVE-2025-61822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61822"
},
{
"name": "CVE-2025-61830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61830"
},
{
"name": "CVE-2025-64787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64787"
},
{
"name": "CVE-2025-61811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61811"
},
{
"name": "CVE-2025-61809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61809"
},
{
"name": "CVE-2025-64897",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64897"
},
{
"name": "CVE-2025-61808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61808"
},
{
"name": "CVE-2025-61812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61812"
},
{
"name": "CVE-2025-61821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61821"
},
{
"name": "CVE-2025-64899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64899"
},
{
"name": "CVE-2025-64786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64786"
},
{
"name": "CVE-2025-61813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61813"
},
{
"name": "CVE-2025-61810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61810"
}
],
"initial_release_date": "2025-12-10T00:00:00",
"last_revision_date": "2025-12-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1085",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-119",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-119.html"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-105",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html"
}
]
}
CERTFR-2025-AVI-0770
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | ColdFusion | ColdFusion 2025 versions antérieures à Update 4 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30791 pour Mac | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30793 pour Windows | ||
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30264 pour Windows et macOS | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 25.001.20693 pour Windows et macOS | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 25.001.20693 pour Windows et macOS | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à Win: 20.005.30793 Mac: 20.005.30791 pour Windows et macOS | ||
| Adobe | ColdFusion | ColdFusion 2021 versions antérieures à Update 22 | ||
| Adobe | ColdFusion | ColdFusion 2023 versions antérieures à Update 16 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ColdFusion 2025 versions ant\u00e9rieures \u00e0 Update 4",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30791 pour Mac",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30793 pour Windows",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30264 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 25.001.20693 pour Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 25.001.20693 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 Win: 20.005.30793 Mac: 20.005.30791 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2021 versions ant\u00e9rieures \u00e0 Update 22",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2023 versions ant\u00e9rieures \u00e0 Update 16",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-54255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54255"
},
{
"name": "CVE-2025-54261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54261"
},
{
"name": "CVE-2025-54257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54257"
}
],
"initial_release_date": "2025-09-10T00:00:00",
"last_revision_date": "2025-09-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0770",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-93",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-93.html"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-85",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-85.html"
}
]
}
CERTFR-2025-AVI-0495
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30254 pour Windows et macOS | ||
| Adobe | Magento | Magento Open Source sans le dernier correctif de sécurité pour la vulnérabilité CVE-2025-47110 | ||
| Adobe | Magento | Magento Open Source versions antérieures à 2.4.9-alpha1 | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 25.001.20531 pour Windows | ||
| Adobe | Commerce | Commerce versions 2.4.5-x antérieures à 2.4.5-p13 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5-x antérieures à 2.4.5-p13 | ||
| Adobe | Commerce | Commerce B2B versions 1.4.2-x antérieures à 1.4.2-p6 | ||
| Adobe | Commerce | Commerce B2B versions 1.5.2-x antérieures à 1.5.2-p1 | ||
| Adobe | Commerce | Commerce versions 2.4.8-x antérieures à 2.4.8-p1 | ||
| Adobe | Commerce | Commerce B2B versions antérieures à 1.5.3-alpha1 | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 25.001.20531 pour Windows | ||
| Adobe | Magento | Magento Open Source versions 2.4.6-x antérieures à 2.4.6-p11 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.4-x antérieures à 1.3.4-p13 | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 25.001.20529 macOS | ||
| Adobe | Commerce | Commerce versions antérieures à 2.4.9-alpha1 | ||
| Adobe | Commerce | Commerce versions 2.4.7-x antérieures à 2.4.7-p6 | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30774 pour Windows et macOS | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 25.001.20529 macOS | ||
| Adobe | Magento | Magento Open Source versions 2.4.8-x antérieures à 2.4.8-p1 | ||
| Adobe | Commerce | Commerce sans le dernier correctif de sécurité pour la vulnérabilité CVE-2025-47110 | ||
| Adobe | Commerce | Commerce versions 2.4.6-x antérieures à 2.4.6-p11 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30774 pour Windows et macOS | ||
| Adobe | Commerce | Commerce B2B versions 1.3.3-x antérieures à 1.3.3-p14 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7-x antérieures à 2.4.7-p6 | ||
| Adobe | Commerce | Commerce versions 2.4.4-x antérieures à 2.4.4-p14 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30254 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source sans le dernier correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-47110",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions ant\u00e9rieures \u00e0 2.4.9-alpha1",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 25.001.20531 pour Windows",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p13",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p13",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.4.2-x ant\u00e9rieures \u00e0 1.4.2-p6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.5.2-x ant\u00e9rieures \u00e0 1.5.2-p1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.8-x ant\u00e9rieures \u00e0 2.4.8-p1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions ant\u00e9rieures \u00e0 1.5.3-alpha1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 25.001.20531 pour Windows",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p11",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.4-x ant\u00e9rieures \u00e0 1.3.4-p13",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 25.001.20529 macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions ant\u00e9rieures \u00e0 2.4.9-alpha1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.7-x ant\u00e9rieures \u00e0 2.4.7-p6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30774 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 25.001.20529 macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.8-x ant\u00e9rieures \u00e0 2.4.8-p1",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce sans le dernier correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-47110",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p11",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30774 pour Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.3-x ant\u00e9rieures \u00e0 1.3.3-p14",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7-x ant\u00e9rieures \u00e0 2.4.7-p6",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.4-x ant\u00e9rieures \u00e0 2.4.4-p14",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43577"
},
{
"name": "CVE-2025-43573",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43573"
},
{
"name": "CVE-2025-43585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43585"
},
{
"name": "CVE-2025-43578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43578"
},
{
"name": "CVE-2025-43586",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43586"
},
{
"name": "CVE-2025-27206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27206"
},
{
"name": "CVE-2025-43550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43550"
},
{
"name": "CVE-2025-27207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27207"
},
{
"name": "CVE-2025-43574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43574"
},
{
"name": "CVE-2025-43575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43575"
},
{
"name": "CVE-2025-47111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47111"
},
{
"name": "CVE-2025-43576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43576"
},
{
"name": "CVE-2025-43579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43579"
},
{
"name": "CVE-2025-47110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47110"
},
{
"name": "CVE-2025-47112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47112"
}
],
"initial_release_date": "2025-06-11T00:00:00",
"last_revision_date": "2025-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0495",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-50",
"url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-57",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
]
}
CERTFR-2025-AVI-0201
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Acrobat DC versions antérieures à 25.001.20432 pour Windows et macOS | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30763 pour Windows et macOS | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 25.001.20432 pour Windows et macOS | ||
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30235 pour Windows et macOS | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30763 pour Windows et macOS |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 25.001.20432 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30763 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 25.001.20432 pour Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30235 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30763 pour Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-27174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27174"
},
{
"name": "CVE-2025-24431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24431"
},
{
"name": "CVE-2025-27161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27161"
},
{
"name": "CVE-2025-27159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27159"
},
{
"name": "CVE-2025-27158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27158"
},
{
"name": "CVE-2025-27163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27163"
},
{
"name": "CVE-2025-27160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27160"
},
{
"name": "CVE-2025-27162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27162"
},
{
"name": "CVE-2025-27164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27164"
}
],
"initial_release_date": "2025-03-12T00:00:00",
"last_revision_date": "2025-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0201",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-14",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
}
]
}
CVE-2026-34622 (GCVE-0-2026-34622)
Vulnerability from cvelistv5
Published
2026-04-14 16:18
Modified
2026-04-15 03:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') ()
Summary
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 26.001.21411 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:27.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "26.001.21411",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-04-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAcrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\u003c/p\u003e"
}
],
"value": "Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 8.6,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "CHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 8.6,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) (CWE-1321)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:27:47.084Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-44.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) (CWE-1321)",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-34622",
"datePublished": "2026-04-14T16:18:05.530Z",
"dateReserved": "2026-03-30T17:30:36.490Z",
"dateUpdated": "2026-04-15T03:58:27.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34626 (GCVE-0-2026-34626)
Vulnerability from cvelistv5
Published
2026-04-14 16:18
Modified
2026-04-14 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') ()
Summary
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 26.001.21411 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T17:52:58.091952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T17:53:05.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "26.001.21411",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-04-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAcrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\u003c/p\u003e"
}
],
"value": "Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 6.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "CHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) (CWE-1321)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:26:46.825Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-44.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) (CWE-1321)",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-34626",
"datePublished": "2026-04-14T16:18:04.679Z",
"dateReserved": "2026-03-30T17:30:36.490Z",
"dateUpdated": "2026-04-14T17:53:05.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34621 (GCVE-0-2026-34621)
Vulnerability from cvelistv5
Published
2026-04-11 06:45
Modified
2026-04-14 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') ()
Summary
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 26.001.21367 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34621",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34621"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T03:55:27.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34621"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-13T00:00:00.000Z",
"value": "CVE-2026-34621 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "26.001.21367",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-04-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 8.6,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "CHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 8.6,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) (CWE-1321)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-12T04:20:33.694Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-43.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) (CWE-1321)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-34621",
"datePublished": "2026-04-11T06:45:43.512Z",
"dateReserved": "2026-03-30T17:30:36.490Z",
"dateUpdated": "2026-04-14T03:55:27.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27221 (GCVE-0-2026-27221)
Vulnerability from cvelistv5
Published
2026-03-10 21:41
Modified
2026-03-11 13:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation ()
Summary
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.21265 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:57:08.259918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:15.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.21265",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation (CWE-295)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T21:41:36.952Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Improper Certificate Validation (CWE-295)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-27221",
"datePublished": "2026-03-10T21:41:36.952Z",
"dateReserved": "2026-02-18T22:02:41.380Z",
"dateUpdated": "2026-03-11T13:08:15.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27278 (GCVE-0-2026-27278)
Vulnerability from cvelistv5
Published
2026-03-10 21:41
Modified
2026-03-12 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.21265 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T03:55:16.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.21265",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T21:41:36.155Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-27278",
"datePublished": "2026-03-10T21:41:36.155Z",
"dateReserved": "2026-02-18T22:02:41.389Z",
"dateUpdated": "2026-03-12T03:55:16.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27220 (GCVE-0-2026-27220)
Vulnerability from cvelistv5
Published
2026-03-10 21:41
Modified
2026-03-11 13:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.21265 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:57:06.140579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:16.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.21265",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T21:41:34.910Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-27220",
"datePublished": "2026-03-10T21:41:34.910Z",
"dateReserved": "2026-02-18T22:02:41.380Z",
"dateUpdated": "2026-03-11T13:08:16.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64899 (GCVE-0-2025-64899)
Vulnerability from cvelistv5
Published
2025-12-09 20:21
Modified
2026-02-26 16:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 20.005.30803 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T04:57:35.785124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:21:08.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30803",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-12-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:21:06.231Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-119.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Out-of-bounds Read (CWE-125)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-64899",
"datePublished": "2025-12-09T20:21:06.231Z",
"dateReserved": "2025-11-11T22:48:38.847Z",
"dateUpdated": "2026-02-26T16:21:08.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64785 (GCVE-0-2025-64785)
Vulnerability from cvelistv5
Published
2025-12-09 20:21
Modified
2026-02-26 16:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path ()
Summary
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 20.005.30803 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T04:57:34.694118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:21:08.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30803",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-12-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:21:05.355Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-119.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Untrusted Search Path (CWE-426)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-64785",
"datePublished": "2025-12-09T20:21:05.355Z",
"dateReserved": "2025-11-11T22:48:38.823Z",
"dateUpdated": "2026-02-26T16:21:08.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64786 (GCVE-0-2025-64786)
Vulnerability from cvelistv5
Published
2025-12-09 20:21
Modified
2025-12-12 17:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature ()
Summary
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue does not require user interaction.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 20.005.30803 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T17:10:22.855615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T17:10:32.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30803",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-12-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 3.3,
"environmentalSeverity": "LOW",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "LOW",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "LOW",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 3.3,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Improper Verification of Cryptographic Signature (CWE-347)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:21:04.388Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-119.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-64786",
"datePublished": "2025-12-09T20:21:04.388Z",
"dateReserved": "2025-11-11T22:48:38.823Z",
"dateUpdated": "2025-12-12T17:10:32.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64787 (GCVE-0-2025-64787)
Vulnerability from cvelistv5
Published
2025-12-09 20:21
Modified
2025-12-12 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature ()
Summary
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue does not require user interaction.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 20.005.30803 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T17:10:56.470568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T17:11:07.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30803",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-12-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 3.3,
"environmentalSeverity": "LOW",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "LOW",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "LOW",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 3.3,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Improper Verification of Cryptographic Signature (CWE-347)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:21:03.344Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-119.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-64787",
"datePublished": "2025-12-09T20:21:03.344Z",
"dateReserved": "2025-11-11T22:48:38.824Z",
"dateUpdated": "2025-12-12T17:11:07.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54255 (GCVE-0-2025-54255)
Vulnerability from cvelistv5
Published
2025-09-09 20:10
Modified
2025-10-01 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-657 - Violation of Secure Design Principles ()
Summary
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20672 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T20:17:07.321663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T20:17:18.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20672",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 4,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "LOW",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "LOW",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-657",
"description": "Violation of Secure Design Principles (CWE-657)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T21:37:47.035Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-85.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Violation of Secure Design Principles (CWE-657)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-54255",
"datePublished": "2025-09-09T20:10:02.351Z",
"dateReserved": "2025-07-17T21:15:02.455Z",
"dateUpdated": "2025-10-01T21:37:47.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54257 (GCVE-0-2025-54257)
Vulnerability from cvelistv5
Published
2025-09-09 20:08
Modified
2026-02-26 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20672 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T03:56:20.999000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:49.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:17.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20672",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T20:08:48.397Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-85.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-54257",
"datePublished": "2025-09-09T20:08:48.397Z",
"dateReserved": "2025-07-17T21:15:02.455Z",
"dateUpdated": "2026-02-26T17:48:49.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47111 (GCVE-0-2025-47111)
Vulnerability from cvelistv5
Published
2025-06-10 19:11
Modified
2025-06-10 19:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20521 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T19:29:17.965614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:38:50.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20521",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:11:36.652Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | NULL Pointer Dereference (CWE-476)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-47111",
"datePublished": "2025-06-10T19:11:36.652Z",
"dateReserved": "2025-04-30T20:47:55.001Z",
"dateUpdated": "2025-06-10T19:38:50.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43579 (GCVE-0-2025-43579)
Vulnerability from cvelistv5
Published
2025-06-10 19:11
Modified
2025-06-10 19:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure ()
Summary
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20521 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T19:29:02.436584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:38:56.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20521",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Exposure (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:11:35.891Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Information Exposure (CWE-200)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-43579",
"datePublished": "2025-06-10T19:11:35.891Z",
"dateReserved": "2025-04-16T16:23:13.182Z",
"dateUpdated": "2025-06-10T19:38:56.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43573 (GCVE-0-2025-43573)
Vulnerability from cvelistv5
Published
2025-06-10 19:11
Modified
2026-02-26 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20521 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T03:59:04.447350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:44.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20521",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:11:35.130Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-43573",
"datePublished": "2025-06-10T19:11:35.130Z",
"dateReserved": "2025-04-16T16:23:13.181Z",
"dateUpdated": "2026-02-26T17:50:44.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43577 (GCVE-0-2025-43577)
Vulnerability from cvelistv5
Published
2025-06-10 19:11
Modified
2026-02-26 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20521 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T03:55:16.416994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:45.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20521",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:11:34.386Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-43577",
"datePublished": "2025-06-10T19:11:34.386Z",
"dateReserved": "2025-04-16T16:23:13.181Z",
"dateUpdated": "2026-02-26T17:50:45.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43550 (GCVE-0-2025-43550)
Vulnerability from cvelistv5
Published
2025-06-10 19:11
Modified
2026-02-26 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20521 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T03:55:15.344991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:45.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20521",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:11:33.642Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-43550",
"datePublished": "2025-06-10T19:11:33.642Z",
"dateReserved": "2025-04-16T16:23:13.179Z",
"dateUpdated": "2026-02-26T17:50:45.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47112 (GCVE-0-2025-47112)
Vulnerability from cvelistv5
Published
2025-06-10 19:11
Modified
2025-06-10 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20521 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T19:29:21.975438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:39:22.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20521",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:11:32.882Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Out-of-bounds Read (CWE-125)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-47112",
"datePublished": "2025-06-10T19:11:32.882Z",
"dateReserved": "2025-04-30T20:47:55.001Z",
"dateUpdated": "2025-06-10T19:39:22.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43575 (GCVE-0-2025-43575)
Vulnerability from cvelistv5
Published
2025-06-10 19:11
Modified
2025-06-10 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20521 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T19:29:26.621766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:39:28.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20521",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:11:32.144Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Out-of-bounds Write (CWE-787)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-43575",
"datePublished": "2025-06-10T19:11:32.144Z",
"dateReserved": "2025-04-16T16:23:13.181Z",
"dateUpdated": "2025-06-10T19:39:28.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43578 (GCVE-0-2025-43578)
Vulnerability from cvelistv5
Published
2025-06-10 19:11
Modified
2025-06-11 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20521 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T19:29:31.450018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:39:33.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-11T16:03:39.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20521",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:11:31.391Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Out-of-bounds Read (CWE-125)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-43578",
"datePublished": "2025-06-10T19:11:31.391Z",
"dateReserved": "2025-04-16T16:23:13.182Z",
"dateUpdated": "2025-06-11T16:03:39.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43574 (GCVE-0-2025-43574)
Vulnerability from cvelistv5
Published
2025-06-10 19:11
Modified
2025-06-10 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20521 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T19:29:38.248166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:39:39.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20521",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:11:30.646Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-43574",
"datePublished": "2025-06-10T19:11:30.646Z",
"dateReserved": "2025-04-16T16:23:13.181Z",
"dateUpdated": "2025-06-10T19:39:39.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43576 (GCVE-0-2025-43576)
Vulnerability from cvelistv5
Published
2025-06-10 19:11
Modified
2026-02-26 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20521 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T03:55:14.133020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:46.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-11T16:03:37.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2170"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20521",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T19:11:29.803Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-43576",
"datePublished": "2025-06-10T19:11:29.803Z",
"dateReserved": "2025-04-16T16:23:13.181Z",
"dateUpdated": "2026-02-26T17:50:46.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24431 (GCVE-0-2025-24431)
Vulnerability from cvelistv5
Published
2025-03-11 18:10
Modified
2026-02-26 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Version: 0 ≤ 25.001.20428 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T04:01:16.873995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:36.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.001.20428",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-03-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T18:10:16.624Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader | Out-of-bounds Read (CWE-125)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-24431",
"datePublished": "2025-03-11T18:10:16.624Z",
"dateReserved": "2025-01-21T17:00:45.702Z",
"dateUpdated": "2026-02-26T19:09:36.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}