Adobe Acrobat Application for working with PDF documents
Recent Adobe Acrobat Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB26-63 | Security Bulletin for Adobe Acrobat and Reader | June 9, 2026 |
| APSB26-44 | Prenotification Security Advisory for Adobe Acrobat and Reader | April 14, 2026 |
| APSB26-43 | Prenotification Security Advisory for Adobe Acrobat and Reader | April 11, 2026 |
| APSB26-26 | Prenotification Security Advisory for Adobe Acrobat and Reader | March 10, 2026 |
| APSB25-119 | Prenotification Security Advisory for Adobe Acrobat and Reader | December 9, 2025 |
| APSB25-85 | Prenotification Security Advisory for Adobe Acrobat and Reader | September 9, 2025 |
| APSB25-57 | Prenotification Security Advisory for Adobe Acrobat and Reader | June 10, 2025 |
| APSB25-14 | Prenotification Security Advisory for Adobe Acrobat and Reader | March 11, 2025 |
| APSB24-92 | Prenotification Security Advisory for Adobe Acrobat and Reader | December 10, 2024 |
| APSB24-70 | Prenotification Security Advisory for Adobe Acrobat and Reader | September 10, 2024 |
Known Exploited Adobe Acrobat Vulnerabilities
The following Adobe Acrobat vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Adobe Acrobat Use-After-Free Vulnerability | Adobe Acrobat contains a use-after-free vulnerability that allows for code execution. CVE-2020-9715. Exploit Probability: 48.4% | April 13, 2026 |
The vulnerability CVE-2020-9715: Adobe Acrobat Use-After-Free Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 31 vulnerabilities in Adobe Acrobat, with an average score of 7.2 out of ten. Last year, in 2025, Acrobat had 25 security vulnerabilities published. That is, 6 more vulnerabilities have already been reported in 2026 than last year. The average CVE base score of the vulnerabilities in 2026 is also greater, by 0.55.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 31 | 7.19 |
| 2025 | 25 | 6.64 |
| 2024 | 37 | 6.78 |
| 2023 | 38 | 6.93 |
| 2022 | 34 | 6.38 |
| 2021 | 42 | 6.83 |
| 2020 | 57 | 6.65 |
| 2019 | 223 | 9.80 |
| 2018 | 40 | 8.80 |
It may take a day or so for new Acrobat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Adobe Acrobat Security Vulnerabilities
Acrobat Reader OOB Write CVE-2020-9695 (2020.009.20074)
CVE-2020-9695
7.8 - High
- June 23, 2026
Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Acrobat Reader OOB Read (CVE-2020-9711) v2020.009.20074
CVE-2020-9711
5.5 - Medium
- June 23, 2026
Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Acrobat/Reader OOB Read in PDF Parser (v 2020.009.20074 & below)
CVE-2020-9713
5.5 - Medium
- June 23, 2026
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Acrobat PDF Ext. Chrome UXSS CVE-2026-48294 (26.5.2.2)
CVE-2026-48294
7.4 - High
- June 16, 2026
Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
XSS
Adobe Acrobat Reader OOB Write in 24.001.30365 Arbitrary code exec
CVE-2026-47965
7.8 - High
- June 12, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Uncontrolled Search Path Element in Adobe Acrobat Reader 24.001.30365/26.001.21651 & prior
CVE-2026-47937
7.7 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
DLL preloading
Acrobat Reader UAF before 26.001.21651: AAExec via malicious file
CVE-2026-47916
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Use-After-Free (UAF) in Adobe Acrobat Reader <=26.001.21651
CVE-2026-47918
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader <24.001.30365/26.001.21651: UAF Arbitrary Exec
CVE-2026-47915
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Heap-based Buffer Overflow in Acrobat Reader before 26.001.21652
CVE-2026-47952
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Acrobat Reader OOB Read v24-26 Disclosed
CVE-2026-47923
5.5 - Medium
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Acrobat Reader UAF 24/26, Arbitrary Code Execution
CVE-2026-47917
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader 24.001.30365 & 26.001.21651 Use After Free RCE
CVE-2026-47955
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader UAF Vulnerability <26.001.21651
CVE-2026-47924
5.5 - Medium
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader Use-After-Free in PDF Parser 24.x/26.x
CVE-2026-47919
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader 24.001.x-26.001.x OOBR memory disclosure
CVE-2026-47926
5.5 - Medium
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader UAF in 24.001.30365/26.001.21651 Arbitrary Code Exec
CVE-2026-47921
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader < 26 UAF in PDF Parser (exploit requires user interaction)
CVE-2026-47920
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader OOB Read (v <24.001.30365)
CVE-2026-47961
5.5 - Medium
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Acrobat Reader UAF Before 26.001.21651
CVE-2026-47913
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Use-After-Free in Adobe Acrobat Reader <26.001.21651
CVE-2026-47914
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader 24/26 Integer Overflow DoS (CVE-2026-47925)
CVE-2026-47925
5.5 - Medium
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer Overflow or Wraparound
Acrobat Reader UAF in CVE-2026-47912, before 27 code exec
CVE-2026-47912
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader Stack Buffer Overflow before 26.0 (Arbitrary Code Execution)
CVE-2026-47959
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Stack Overflow
Acrobat Reader OOB Write CVE-2026-47911 Before 26.001.21651
CVE-2026-47911
7.8 - High
- June 09, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Acrobat Reader <26.001.21411 Prototype Pollution Code Exec
CVE-2026-34622
8.6 - High
- April 14, 2026
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Prototype Pollution
Acrobat Reader <=26.0 Prototype Pollution Arbitrary FS Read
CVE-2026-34626
6.3 - Medium
- April 14, 2026
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Prototype Pollution
Acrobat Reader 24/26 Prototype Pollution ARC
CVE-2026-34621
8.6 - High
- April 11, 2026
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Prototype Pollution
Acrobat Reader Improper Cert Validation v24.001.30307-v25.001.21265
CVE-2026-27221
5.5 - Medium
- March 10, 2026
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.
Improper Certificate Validation
Adobe Acrobat Reader UAF in v24.001.30307-25.001.21265
CVE-2026-27278
7.8 - High
- March 10, 2026
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader UAF CVE-2026-27220 (v24.001.30307-25.001.21265)
CVE-2026-27220
7.8 - High
- March 10, 2026
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader OOB Read before 25.001.20982: PDF Parser Vulnerability
CVE-2025-64899
7.8 - High
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader Untrusted Search Path before 25.001.20982
CVE-2025-64785
7.8 - High
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that the user needs to open a malicious file.
Untrusted Path
Acrobat Reader 25.001.20982 Improper Signature Verify - Write Access Bypass
CVE-2025-64786
3.3 - Low
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.
Improper Verification of Cryptographic Signature
Acrobat Reader Improper Crypto Signature Verification V<25.001.20983
CVE-2025-64787
3.3 - Low
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.
Improper Verification of Cryptographic Signature
Adobe Acrobat Reader Secure Design Violation v24.001.30254 and earlier
CVE-2025-54255
4 - Medium
- September 09, 2025
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
Violation of Secure Design Principles
Acrobat Reader UAF Arbitrary Code Exec in v24.001.30254 and earlier
CVE-2025-54257
7.8 - High
- September 09, 2025
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged.
Dangling pointer
Adobe Acrobat Reader UAF before 24.001.30235 Allows Arbitrary Execution
CVE-2025-43550
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader UA-FREE <25.001.20521: possible arbitrary code exec
CVE-2025-43573
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader PDF-UAF CVE-2025-43574
CVE-2025-43574
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader OOB Write CVE-2025-43575, 20-25, Arbitrary Exec
CVE-2025-43575
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Use After Free in Acrobat Reader (v24/20/25) Enables Arbitrary Code Exec
CVE-2025-43576
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader UAF in PDF Parser -> Arbitrary Exec before v25.0
CVE-2025-43577
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader Info Exposure CVE-2025-43579 before 25.001.20521
CVE-2025-43579
5.5 - Medium
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
Information Disclosure
Adobe Acrobat Reader OOB Read (24.001.30235, 20.005.30763, 25.001.20521+)
CVE-2025-47112
5.5 - Medium
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Acrobat Reader OOB Read before 26.0 File Parser
CVE-2025-43578
5.5 - Medium
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader NULL Ptr Deref v24.001.30235/20.005.30763/25.001.20521 CVE-2025-47111
CVE-2025-47111
5.5 - Medium
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Acrobat Reader UA-FF Pre-25.001.20428 Exploitable via Malicious File
CVE-2025-27160
7.8 - High
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader UAF before 25.001.20428 (arbitrary code exec)
CVE-2025-27159
7.8 - High
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Uninit Pointer OOB in Acrobat Reader v24/20/25 (CVE-2025-27158)
CVE-2025-27158
7.8 - High
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer