CVE-2025-27160
Published: 11 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-27160 is a Use After Free vulnerability (CWE-416) affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. Published on 2025-03-11, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and can result in arbitrary code execution in the context of the current user.
The vulnerability can be exploited by an attacker who tricks a victim into opening a malicious file locally, such as a specially crafted PDF. No special privileges are required (PR:N), and the attack has low complexity (AC:L), but it demands user interaction (UI:R). Successful exploitation allows the attacker to execute arbitrary code with the victim's user privileges, potentially leading to high confidentiality, integrity, and availability impacts without changing scope.
Adobe Security Bulletin APSB25-14, available at https://helpx.adobe.com/security/products/acrobat/apsb25-14.html, provides details on the issue and recommended mitigations, including patches for affected versions.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A use-after-free in Adobe Acrobat Reader allows arbitrary code execution when a user opens a malicious PDF file, which directly maps to client-side exploitation (T1203) and user execution of a malicious file (T1204.002).