CVE-2025-27158
Published: 11 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-27158 is an Access of Uninitialized Pointer vulnerability (CWE-824) affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. The flaw enables arbitrary code execution in the context of the current user. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and was published on 2025-03-11.
Exploitation requires user interaction, as a victim must open a malicious file processed by the affected Acrobat Reader. An attacker with no privileges can deliver such a file through common vectors like email attachments or downloads, tricking the user into opening it to trigger the vulnerability and achieve arbitrary code execution under the current user's context.
Adobe Security Bulletin APSB25-14 and Talos Intelligence report TALOS-2025-2135 detail the issue and mitigation steps, including available patches for Acrobat Reader.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a memory corruption flaw in Adobe Acrobat Reader that enables arbitrary code execution when a user opens a malicious file (e.g., PDF), directly mapping to Exploitation for Client Execution (T1203) and User Execution via Malicious File (T1204.002).