Cyber Security News

Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code

Three vulnerabilities in Adobe Acrobat Reader have been disclosed that could let an attacker run arbitrary code or read sensitive process memory.

The flaws, discovered and reported by Cisco Talos, affect multiple versions of the widely used PDF reader. All three are triggered by opening a maliciously crafted PDF, so any user who can be persuaded to open an attachment is a viable target.

Memory Corruption Vulnerability (CVE-2025-27158)

CVE-2025-27158 is a high-severity memory corruption vulnerability caused by the use of an uninitialized pointer in Adobe Acrobat Reader's font-handling code.

It carries a CVSS 3.1 base score of 8.8 (High). Successful exploitation gives the attacker arbitrary code execution on the victim's system.

The attack vector is a specially crafted font embedded in a PDF document; the bug is triggered when the document is opened and Reader parses the font, with no further interaction from the user.

The vulnerability is classified as CWE-824 (Access of Uninitialized Pointer). Talos confirmed it against Adobe Acrobat Reader 2024.005.20320 (the same build that Adobe's bulletins list as 24.005.20320), and earlier versions are expected to be affected as well.

The central concern is that the attacker's code runs with the privileges of the user running Acrobat Reader. On a standard user account that already means access to that user's files, credentials and sessions, and a foothold for further compromise; on an administrator account it means full control of the machine.

Risk Factors | Details
Affected Products | Adobe Acrobat Reader DC (Windows/macOS) 24.005.20421 and earlier; Acrobat Classic and Acrobat 2020 versions
Impact | Arbitrary code execution
Exploit Prerequisites | User must open a malicious file
CVSS 3.1 Score | 8.8 (High)

Out-of-Bounds Read Vulnerability (CVE-2025-27163)

CVE-2025-27163 is an out-of-bounds read vulnerability in the font functionality of Adobe Acrobat Reader that can disclose the contents of process memory.

The flaw lies in the OpenType font parser, specifically in the handling of the hhea (horizontal header) and hmtx (horizontal metrics) tables of an embedded font. In the OpenType format the number of hmtx entries a parser should expect is declared by a field in hhea, so the two tables have to be validated against each other; a count that is larger than the hmtx table actually holds sends the parser reading past the end of the table.

The vulnerability affects Adobe Acrobat Reader versions up to and including 25.001.20428.

Like the other two vulnerabilities, exploitation requires user interaction: the victim must open a malicious PDF document containing the crafted font data.

An out-of-bounds read of this kind hands the attacker bytes of Reader's memory. Its main practical value is as a building block: leaked heap or module addresses defeat ASLR and make a code-execution bug such as CVE-2025-27158 reliably exploitable, which is why the table below lists ASLR bypass alongside memory disclosure.

Risk Factors | Details
Affected Products | Adobe Acrobat Reader DC 25.001.20428 and earlier; Acrobat 2024 (Classic) 24.001.30225 and earlier; Acrobat 2020 20.005.30748 and earlier (Talos tested build 2024.005.20320)
Impact | Memory disclosure, ASLR bypass
Exploit Prerequisites | User must open a malicious file
CVSS 3.1 Score | 6.5 (Medium)
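The hhea/hmtx relationship described above, as an added example that is not Adobe's code and not the Talos proof of concept: a minimal C parser that locates the two tables in a constructed OpenType blob and sums the advance widths, with the unchecked read (the CWE-125 pattern behind CVE-2025-27163) beside its bounds-checked form. The same loader shows the discipline that prevents the uninitialized-pointer pattern (CWE-824) described for CVE-2025-27158: spans are zero-initialized and find_table's return value is always checked before a span is dereferenced. The font blob, the inflated numberOfHMetrics value of 4 over a two-entry hmtx, and the "ABCDEFGH" bytes standing in for whatever the allocator placed next to the font buffer are all constructed for this example.

```c
/* Constructed example: OpenType hhea/hmtx parsing, unchecked vs. checked.
   Not Adobe's code; the font blob below is hand-built for the demo. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OT_OK = 0, OT_ERR_TRUNCATED = -1, OT_ERR_NO_TABLE = -2, OT_ERR_BOUNDS = -3 };

typedef struct { const uint8_t *data; uint32_t len; } span_t;

/* OpenType is big-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Look up a table in the sfnt directory. Fills *out only on OT_OK, and only
   after the record's offset/length have been checked against the file size.
   A caller that ignores the return value and dereferences out->data anyway
   is exactly the CWE-824 pattern (use of an uninitialized pointer). */
static int find_table(const uint8_t *font, size_t font_len, const char *tag, span_t *out)
{
    if (font_len < 12) return OT_ERR_TRUNCATED;
    uint16_t num_tables = rd16(font + 4);
    if ((size_t)num_tables * 16 > font_len - 12) return OT_ERR_TRUNCATED;
    for (uint16_t i = 0; i < num_tables; i++) {
        const uint8_t *rec = font + 12 + (size_t)i * 16;
        if (memcmp(rec, tag, 4) != 0) continue;
        uint32_t off = rd32(rec + 8), len = rd32(rec + 12);
        if (off > font_len || len > font_len - off) return OT_ERR_BOUNDS; /* no off+len overflow */
        out->data = font + off;
        out->len = len;
        return OT_OK;
    }
    return OT_ERR_NO_TABLE;
}

/* Sum advanceWidth over the hmtx longHorMetric array (4 bytes per entry).
   checked == 0: trust hhea.numberOfHMetrics and walk past the end of hmtx
   (CWE-125). checked == 1: reject a count the hmtx table cannot hold. */
static int sum_advances(const uint8_t *font, size_t font_len, int checked, uint32_t *sum)
{
    span_t hhea = {0}, hmtx = {0};   /* zero-initialized: never a dangling span */
    int rc;
    if ((rc = find_table(font, font_len, "hhea", &hhea)) != OT_OK) return rc;
    if ((rc = find_table(font, font_len, "hmtx", &hmtx)) != OT_OK) return rc;
    if (hhea.len < 36) return OT_ERR_TRUNCATED;   /* hhea is a fixed 36-byte table */
    uint16_t n = rd16(hhea.data + 34);            /* numberOfHMetrics */
    if (checked && (uint32_t)n * 4 > hmtx.len) return OT_ERR_BOUNDS;
    uint32_t s = 0;
    for (uint16_t i = 0; i < n; i++) s += rd16(hmtx.data + (size_t)i * 4);
    *sum = s;
    return OT_OK;
}

#define FONT_SIZE  88   /* bytes the "file" really contains */
#define FONT_ALLOC 96   /* buffer size; the last 8 bytes model adjacent heap data */

/* Build the constructed font: header, two directory records, hhea, hmtx. */
static size_t build_font(uint8_t *buf)
{
    static const uint8_t hdr[12]      = {0x00,0x01,0x00,0x00, 0x00,0x02, 0,0, 0,0, 0,0};
    static const uint8_t rec_hhea[16] = {'h','h','e','a', 0,0,0,0, 0,0,0,44, 0,0,0,36};
    static const uint8_t rec_hmtx[16] = {'h','m','t','x', 0,0,0,0, 0,0,0,80, 0,0,0,8};
    static const uint8_t hmtx[8]      = {0x00,0x10,0x00,0x00, 0x00,0x20,0x00,0x00};
    memset(buf, 0, FONT_ALLOC);
    memcpy(buf, hdr, 12);
    memcpy(buf + 12, rec_hhea, 16);
    memcpy(buf + 28, rec_hmtx, 16);
    buf[44 + 34] = 0x00; buf[44 + 35] = 0x04;   /* numberOfHMetrics = 4, but hmtx holds 2 */
    memcpy(buf + 80, hmtx, 8);                  /* advance widths 0x0010 and 0x0020 */
    memcpy(buf + 88, "ABCDEFGH", 8);            /* stand-in for memory beyond the font */
    return FONT_SIZE;
}

/* Unchecked parse: the sum absorbs 'AB' (0x4142) and 'EF' (0x4546) from
   beyond the font, i.e. 16 + 32 + 16706 + 17734 = 34488. */
uint32_t unchecked_result(void)
{
    uint8_t buf[FONT_ALLOC]; uint32_t s = 0;
    size_t n = build_font(buf);
    return sum_advances(buf, n, 0, &s) == OT_OK ? s : 0;
}

/* Checked parse: returns OT_ERR_BOUNDS without touching the extra bytes. */
int checked_result(void)
{
    uint8_t buf[FONT_ALLOC]; uint32_t s = 0;
    size_t n = build_font(buf);
    return sum_advances(buf, n, 1, &s);
}

int main(void)
{
    printf("unchecked sum: %u (leaks bytes past hmtx)\n", unchecked_result());
    printf("checked rc:    %d (OT_ERR_BOUNDS = %d)\n", checked_result(), OT_ERR_BOUNDS);
    return 0;
}
```

The unchecked path stays inside the demo's own array so it runs without crashing, but in a real parser the same loop walks into neighbouring heap objects, which is the memory disclosure and ASLR-bypass primitive described above. The check is one comparison of the declared count against the table length, done before the loop rather than per entry.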

Out-of-Bounds Read Vulnerability (CVE-2025-27164)

CVE-2025-27164 is a second out-of-bounds read vulnerability in Adobe Acrobat Reader's font-handling code. With a CVSS 3.1 base score of 6.5, it is rated Medium.

It too lies in the processing of OpenType fonts embedded in PDF documents and, when exploited, discloses data from Reader's process memory.

The vulnerability is classified as CWE-125 (Out-of-bounds Read). Talos confirmed it against Adobe Acrobat Reader 2024.005.20320, and earlier versions are also affected.

As with the other two, exploitation requires user interaction: the victim must open a specially crafted PDF file.

Risk Factors | Details
Affected Products | Adobe Acrobat Reader DC 25.001.20428 and earlier; Acrobat 2024 (Classic) 24.001.30225 and earlier; Acrobat 2020 20.005.30748 and earlier
Impact | Memory disclosure, ASLR bypass
Exploit Prerequisites | User must open a malicious file
CVSS 3.1 Score | 6.5 (Medium)

Mitigations

Taken together these vulnerabilities pose a significant risk, particularly for organizations where Acrobat Reader is the default handler for PDFs arriving by email or download: the two memory-disclosure bugs supply the information an attacker needs to exploit the code-execution bug reliably, and all three are reachable from a single opened document.

Successful exploitation gives the attacker code execution with the rights of the logged-on user. If that user has administrative rights, the attacker can install programs, modify data or create new accounts with full privileges; on a standard account the damage is confined to what that user can reach, which is one reason not to run Reader as an administrator.

Users and organizations should update to the current versions of Adobe Acrobat and Acrobat Reader, which contain fixes for all three issues. Because Acrobat's About dialog shows versions as 2024.005.20320 while Adobe's bulletins write 24.005.20320, compare the numeric build fields rather than the strings when checking installed versions.

The updates were released on March 11, 2025, as part of Adobe's regular monthly security update cycle.

Where patching has to wait, the Snort rules Cisco Talos publishes alongside its advisories provide network-level detection of crafted documents in transit, but detection only. Keeping Acrobat Reader's Protected Mode sandbox enabled, disabling automatic opening of PDFs from email clients and browsers, and running Reader as a standard user limit what a successful exploit can achieve in the meantime.


Kaaviya

Kaaviya is a Security Editor and reporter with Cyber Security News, covering cyber security incidents across the industry.
