Adobe Acrobat Reader Secure Design Violation v24.001.30254 and earlier
CVE-2025-54255 Published on September 9, 2025
Acrobat Reader | Violation of Secure Design Principles (CWE-657)
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
Vulnerability Analysis
CVE-2025-54255 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Violation of Secure Design Principles
The product violates well-established principles for secure design. This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.
Products Associated with CVE-2025-54255
Want to know whenever a new CVE is published for Adobe Acrobat? stack.watch will email you.
Affected Versions
Adobe Acrobat Reader:- Before and including 25.001.20672 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.