First published: Tue Mar 11 2025(Updated: )
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Acrobat Reader Notification Manager | <24.001.30225<20.005.30748<25.001.20428 | |
All of | ||
Any of | ||
Adobe Acrobat Reader | >=20.001.30002<20.005.30763 | |
Adobe Acrobat Reader | >=24.0.0<24.001.30235 | |
Adobe Acrobat Reader DC | >=15.008.20082<25.001.20432 | |
Adobe Acrobat Reader Notification Manager | >=20.001.30002<20.005.30763 | |
Adobe Acrobat Reader | >=15.008.20082<25.001.20432 | |
Any of | ||
macOS | ||
Microsoft Windows Operating System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-27161 is rated as a high severity vulnerability due to its potential for unauthorized reading of sensitive data.
To mitigate CVE-2025-27161, users should update Adobe Acrobat Reader to the latest version that addresses this vulnerability.
CVE-2025-27161 affects Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, and 25.001.20428 and earlier.
CVE-2025-27161 is an out-of-bounds read vulnerability that could allow attackers to read beyond allocated memory.
Yes, CVE-2025-27161 could potentially be exploited remotely if an attacker tricks a user into opening a specially crafted file.