{"id":9115,"date":"2025-12-11T10:03:37","date_gmt":"2025-12-11T10:03:37","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/12\/11\/adobe-acrobat-reader-vulnerabilities-let-attackers-execute-arbitrary-code-and-bypass-security\/"},"modified":"2025-12-11T10:03:37","modified_gmt":"2025-12-11T10:03:37","slug":"adobe-acrobat-reader-vulnerabilities-let-attackers-execute-arbitrary-code-and-bypass-security","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/12\/11\/adobe-acrobat-reader-vulnerabilities-let-attackers-execute-arbitrary-code-and-bypass-security\/","title":{"rendered":"Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code and Bypass Security"},"content":{"rendered":"

Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code and Bypass Security
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Critical security updates for Acrobat and Reader are available, addressing multiple vulnerabilities that could allow attackers to execute\u00a0arbitrary code<\/a>\u00a0and bypass essential security features.<\/span><\/p>\n

Adobe issued security bulletin APSB25-119 on December 9, 2025, with a priority rating of 3, affecting both Windows and macOS<\/a> platforms. The vulnerabilities stem from multiple weaknesses in the PDF processing engine.<\/p>\n

\n\n\n\n\n\n\n\n\n
Vulnerability<\/th>\nCategory<\/th>\nImpact<\/th>\nSeverity<\/th>\nCVSS Score<\/th>\nCVE<\/th>\n<\/tr>\n<\/thead>\n
Untrusted Search Path<\/td>\nCWE-426<\/td>\nArbitrary code execution<\/td>\nCritical<\/td>\n7.8<\/td>\nCVE-2025-64785<\/td>\n<\/tr>\n
Out-of-bounds Read<\/td>\nCWE-125<\/td>\nArbitrary code execution<\/td>\nCritical<\/td>\n7.8<\/td>\nCVE-2025-64899<\/td>\n<\/tr>\n
Improper Verification of Cryptographic Signature<\/td>\nCWE-347<\/td>\nSecurity feature bypass<\/td>\nModerate<\/td>\n3.3<\/td>\nCVE-2025-64786<\/td>\n<\/tr>\n
Improper Verification of Cryptographic Signature<\/td>\nCWE-347<\/td>\nSecurity feature bypass<\/td>\nModerate<\/td>\n3.3<\/td>\nCVE-2025-64787<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

How Attackers Could Exploit the Flaws<\/strong><\/h2>\n

Two critical flaws enable arbitrary code execution through untrusted search path vulnerabilities and out-of-bounds<\/a> read errors. These issues carry a CVSS base score of 7.8, indicating severe risk to users.<\/p>\n

Two additional moderate vulnerabilities related to improper verification of cryptographic signatures could allow attackers to bypass security features, each with a CVSS score of 3.3.<\/p>\n

The affected products include Acrobat DC, Acrobat Reader DC, Acrobat 2024, Acrobat 2020, and Acrobat Reader 2020 across all current versions.<\/p>\n

\n\n\n\n\n\n\n\n\n\n
Product<\/th>\nTrack<\/th>\nAffected Versions<\/th>\nPlatform<\/th>\n<\/tr>\n<\/thead>\n
Acrobat DC<\/strong><\/td>\nContinuous<\/td>\n25.001.20982 and earlier<\/td>\nWindows & macOS<\/td>\n<\/tr>\n
Acrobat Reader DC<\/strong><\/td>\nContinuous<\/td>\n25.001.20982 and earlier<\/td>\nWindows & macOS<\/td>\n<\/tr>\n
Acrobat 2024<\/strong><\/td>\nClassic 2024<\/td>\nWin \u2013 24.001.30264 and earlier; Mac \u2013 24.001.30273 and earlier<\/td>\nWindows & macOS<\/td>\n<\/tr>\n
Acrobat 2020<\/strong><\/td>\nClassic 2020<\/td>\nWin \u2013 20.005.30793 and earlier; Mac \u2013 20.005.30803 and earlier<\/td>\nWindows & macOS<\/td>\n<\/tr>\n
Acrobat Reader 2020<\/strong><\/td>\nClassic 2020<\/td>\nWin \u2013 20.005.30793 and earlier; Mac \u2013 20.005.30803 and earlier<\/td>\nWindows & macOS<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Adobe recommends<\/a> installing the latest versions immediately. Users can update manually through Help > Check for Updates, or allow automatic updates to install security patches without intervention.<\/p>\n

The updated versions include Acrobat DC and Reader DC 25.001.20997, Acrobat 2024 versions 24.001.30307 (Windows) and 24.001.30308 (macOS), and Acrobat 2020 versions 20.005.30838 across both platforms.<\/p>\n

IT administrators should deploy updates using their preferred method, such as AIP-GPO,\u00a0bootstrapper<\/a>, or SCCM,<\/span> for Windows environments.<\/p>\n

Currently, Adobe reports no known exploits targeting these vulnerabilities in the wild. However, the critical nature of the flaws and their potential for remote execution make prompt patching<\/a> essential.<\/p>\n

Organizations should prioritize updating all affected Acrobat installations to prevent potential compromise.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code and Bypass Security<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Abinaya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code and Bypass Security Critical security updates for Acrobat and Reader are available, addressing multiple vulnerabilities that could allow attackers to execute\u00a0arbitrary code\u00a0and bypass essential security features. Adobe issued security bulletin APSB25-119 on December 9, 2025, with a priority rating of 3, affecting both Windows and macOS […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2015,129,63,648],"tags":[130],"class_list":["post-9115","post","type-post","status-publish","format-standard","hentry","category-cve-vulnerabilities","category-cyber-security","category-cyber-security-news","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9115"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9115"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9115\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}