CVE-2025-27174

CVE-2025-27174 is a Use After Free (CWE-416) vulnerability affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. This flaw occurs during file processing and can lead to arbitrary code execution in the context of the current user. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact with low attack complexity but requiring local access and user interaction.

Exploitation requires an attacker to deliver a malicious PDF file to a victim, who must then open it in a vulnerable version of Acrobat Reader. No special privileges are needed (PR:N), making it accessible to any local attacker with the ability to entice user interaction, such as through phishing or social engineering. Successful exploitation allows arbitrary code execution, potentially granting the attacker high confidentiality, integrity, and availability impacts within the user's session.

Adobe Security Bulletin APSB25-14, available at https://helpx.adobe.com/security/products/acrobat/apsb25-14.html, details patches for affected versions and recommends updating to the latest release to mitigate the issue.