Adobe Reader
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe Reader.
Recent Adobe Reader Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB26-26 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB26-26 | March 10, 2026 |
| APSB25-119 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB25-119 | December 9, 2025 |
| APSB25-85 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB25-85 | September 9, 2025 |
| APSB25-57 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB25-57 | June 10, 2025 |
| APSB25-14 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB25-14 | March 11, 2025 |
| APSB24-92 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB24-92 | December 10, 2024 |
| APSB24-70 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB24-70 | September 10, 2024 |
| APSB24-57 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB24-57 | August 13, 2024 |
| APSB24-29 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB24-29 | May 14, 2024 |
| APSB24-07 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB24-07 | February 13, 2024 |
Known Exploited Adobe Reader Vulnerabilities
The following Adobe Reader vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Adobe Reader Buffer Overflow Vulnerability |
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution. CVE-2013-0641 Exploit Probability: 88.0% |
March 3, 2022 |
The vulnerability CVE-2013-0641: Adobe Reader Buffer Overflow Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 3 vulnerabilities in Adobe Reader with an average score of 7.0 out of ten. Last year, in 2025 Reader had 4 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Reader in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.48.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 7.03 |
| 2025 | 4 | 5.55 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 0.00 |
It may take a day or so for new Reader vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Reader Security Vulnerabilities
Acrobat Reader Improper Cert Validation v24.001.30307-v25.001.21265
CVE-2026-27221
5.5 - Medium
- March 10, 2026
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.
Improper Certificate Validation
Adobe Acrobat Reader UAF in v24.001.30307-25.001.21265
CVE-2026-27278
7.8 - High
- March 10, 2026
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader UA-Free CVE-2026-27220 (V24.001.3030725.001.21265)
CVE-2026-27220
7.8 - High
- March 10, 2026
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader OOB Read before 25.001.20982: PDF Parser Vulnerability
CVE-2025-64899
7.8 - High
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader Untrusted Search Path before 25.001.20982
CVE-2025-64785
7.8 - High
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.
Untrusted Path
Acrobat Reader 25.001.20982 Improper Signature Verify - Write Access Bypass
CVE-2025-64786
3.3 - Low
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue does not require user interaction.
Improper Verification of Cryptographic Signature
Acrobat Reader Improper Crypto Signature Verification V<25.001.20983
CVE-2025-64787
3.3 - Low
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue does not require user interaction.
Improper Verification of Cryptographic Signature
Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability
CVE-2020-9663
- July 22, 2020
Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure.
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file
CVE-2011-0611
8.8 - High
- April 13, 2011
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Object Type Confusion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe Reader or by Adobe? Click the Watch button to subscribe.
