CVE-2025-27161
Published: 11 March 2025
Description
An attacker relies on a user opening a crafted file in order to gain code execution on the user's machine.
Security Summary
CVE-2025-27161 is an out-of-bounds read vulnerability (CWE-125) affecting Adobe Acrobat Reader 25.001.20428, 24.001.30225, 20.005.30748, and earlier versions of each release line. The issue arises when parsing a crafted file: a length or offset taken from the file is used without being validated against the allocation it indexes, so the parser reads past the end of an allocated memory structure. Published on 2025-03-11, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
The vulnerability is exploited by tricking a victim into opening a malicious file. The attack vector is scored Local because the file must be opened on the victim's machine, not because the attacker needs prior access: no privileges are required, only user interaction, and the file is typically delivered by email or download. Successful exploitation allows arbitrary code execution in the context of the current user, with high impact on confidentiality, integrity, and availability; where that user holds administrative rights this amounts to full compromise of the system.
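The CWE-125 pattern described above, as an added illustration that is not Adobe's code and does not reproduce the actual PDF structure behind CVE-2025-27161 (the page does not identify it). It assumes a constructed toy format, a stream of records each made of a 2-byte big-endian length followed by that many payload bytes, and a constructed arena in which the crafted file is followed by bytes standing in for whatever sits after the allocation in memory, so that the over-read stays within defined memory for demonstration purposes. The unsafe parser trusts the declared length and walks into the adjacent bytes; the hardened parser checks every length against the bytes remaining before using it as a loop bound.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed example of the CWE-125 pattern (not Adobe's parser, not the
 * real PDF structure): each record is a 2-byte big-endian length followed by
 * that many payload bytes. */

#define CRAFTED_LEN 6   /* logical size of the "file" inside the arena below */

/* The arena holds the crafted file and then bytes that stand in for adjacent
 * memory (0xAA). In a real process those bytes would be whatever follows the
 * allocation; here they are embedded so the over-read is defined behaviour. */
const uint8_t crafted_arena[] = {
    0x00, 0x02, 0x01, 0x02,     /* record 1: length 2, payload 01 02 (well formed) */
    0x00, 0x10,                 /* record 2: declares length 16, but the file ends here */
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,   /* adjacent memory, not part */
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA    /* of the file */
};

/* Vulnerable parser: trusts the declared length, so a crafted length drives
 * the loop past the end of the file data (the out-of-bounds read). */
uint32_t sum_records_unsafe(const uint8_t *buf, size_t len) {
    size_t off = 0;
    uint32_t sum = 0;
    while (off + 2 <= len) {
        size_t reclen = ((size_t)buf[off] << 8) | buf[off + 1];
        off += 2;
        for (size_t i = 0; i < reclen; i++)   /* off + i is never compared to len */
            sum += buf[off + i];
        off += reclen;
    }
    return sum;
}

/* Hardened parser: every length is validated against the bytes remaining
 * before it is used. Returns 0 on success, -1 on malformed input. */
int sum_records_safe(const uint8_t *buf, size_t len, uint32_t *out) {
    size_t off = 0;
    uint32_t sum = 0;
    while (off < len) {
        if (len - off < 2) return -1;          /* truncated record header */
        size_t reclen = ((size_t)buf[off] << 8) | buf[off + 1];
        off += 2;
        if (reclen > len - off) return -1;     /* declared length overruns the file */
        for (size_t i = 0; i < reclen; i++)
            sum += buf[off + i];
        off += reclen;
    }
    *out = sum;
    return 0;
}

/* Convenience wrapper: the sum, or UINT32_MAX when the safe parser rejects the input. */
uint32_t safe_sum(const uint8_t *buf, size_t len) {
    uint32_t sum = 0;
    return sum_records_safe(buf, len, &sum) == 0 ? sum : UINT32_MAX;
}

int main(void) {
    /* The unsafe parser "succeeds" and its result includes 16 bytes of adjacent memory. */
    printf("unsafe: sum=%u (includes leaked adjacent bytes)\n",
           sum_records_unsafe(crafted_arena, CRAFTED_LEN));
    /* The safe parser rejects the crafted file at record 2 ... */
    printf("safe on crafted file: sum=%u (UINT32_MAX means rejected)\n",
           safe_sum(crafted_arena, CRAFTED_LEN));
    /* ... and accepts the well-formed first record on its own. */
    printf("safe on well-formed prefix: sum=%u\n", safe_sum(crafted_arena, 4));
    return 0;
}
```

The leaked bytes show why an out-of-bounds read is rated with high confidentiality impact even before any write primitive is involved; in a real reader the over-read would land on whatever heap data follows the allocation, and combined with other defects can be turned into code execution, which is the outcome the summary describes.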
Adobe's security bulletin APSB25-14 provides details on mitigation and available patches: https://helpx.adobe.com/security/products/acrobat/apsb25-14.html.
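A version check against the affected ceilings listed on this page, as an added example that is not part of the original advisory or of Adobe's tooling. It assumes that the three listed versions are the highest affected build on three separate release lines distinguished by their major number (25.x, 24.x, 20.x), and it only answers whether an installed version is at or below a listed ceiling on its line; a newer build is reported as "not in the listed range", not as "patched", because this page does not state the fixed builds (those are in APSB25-14). The version string is whatever your inventory reports, for example "25.001.20428".

```c
#include <stdio.h>
#include <stddef.h>

typedef struct { unsigned major, minor, build; } acro_ver;

/* Highest affected version on each release line, as listed on this page.
 * Assumption: the lines are keyed by major number. */
static const acro_ver affected_max[] = {
    {25, 1, 20428},   /* 25.001.20428 */
    {24, 1, 30225},   /* 24.001.30225 */
    {20, 5, 30748},   /* 20.005.30748 */
};

/* Parse "major.minor.build"; trailing characters make the string invalid. */
int parse_acro_ver(const char *s, acro_ver *v) {
    char extra;
    if (sscanf(s, "%u.%u.%u%c", &v->major, &v->minor, &v->build, &extra) != 3)
        return -1;
    return 0;
}

static int ver_cmp(const acro_ver *a, const acro_ver *b) {
    if (a->major != b->major) return a->major < b->major ? -1 : 1;
    if (a->minor != b->minor) return a->minor < b->minor ? -1 : 1;
    if (a->build != b->build) return a->build < b->build ? -1 : 1;
    return 0;
}

/* Returns 1 if the version is at or below the listed ceiling on its line,
 * 0 if it is newer than that ceiling (check APSB25-14 for the fixed build),
 * -1 if the string is unparseable or not on one of the three listed lines. */
int acrobat_version_affected(const char *s) {
    acro_ver v;
    if (parse_acro_ver(s, &v) != 0) return -1;
    for (size_t i = 0; i < sizeof affected_max / sizeof *affected_max; i++) {
        if (affected_max[i].major == v.major)
            return ver_cmp(&v, &affected_max[i]) <= 0 ? 1 : 0;
    }
    return -1;
}

int main(int argc, char **argv) {
    const char *ver = argc > 1 ? argv[1] : "25.001.20428";   /* default: constructed sample */
    int rc = acrobat_version_affected(ver);
    printf("%s: %s\n", ver,
           rc == 1 ? "within the affected range listed for CVE-2025-27161"
         : rc == 0 ? "newer than the listed ceiling; confirm against APSB25-14"
                   : "unparseable or not on a listed release line");
    return rc == 1 ? 1 : 0;
}
```

Run it with the version string from your software inventory as the first argument; the exit status is 1 when the version falls in the listed affected range, which makes it easy to use from a fleet script.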
Details
- CWE(s): CWE-125 (Out-of-bounds Read)
- Affected Products: Adobe Acrobat Reader 25.001.20428, 24.001.30225, 20.005.30748, and earlier versions of each release line
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The out-of-bounds read in Adobe Acrobat Reader enables arbitrary code execution once a crafted file is opened. The memory-safety bug in the client application maps to T1203 (Exploitation for Client Execution), and the delivery step, which depends on the victim opening the file, maps to T1204.002 (User Execution: Malicious File).