Dangerous Vulnerabilities in Adobe Acrobat and Reader: Risk of Full System Compromise

December 2025 — Adobe has released emergency security updates for its Acrobat and Reader products. According to Security Bulletin APSB25-119, several vulnerabilities have been identified—some of which may allow attackers to execute arbitrary code remotely or without user interaction, while others may enable bypassing built-in security mechanisms.

Summary of Identified Vulnerabilities

  • Untrusted Search Path (CWE-426) — Arbitrary code execution, Critical, CVSS 7.8 (CVE-2025-64785)
  • Out-of-bounds Read (CWE-125) — Arbitrary code execution, Critical, CVSS 7.8 (CVE-2025-64899)
  • Improper Verification of Cryptographic Signature (CWE-347) — Security feature bypass, Moderate, CVSS 3.3 (CVE-2025-64786)
  • Improper Verification of Cryptographic Signature (CWE-347) — Security feature bypass, Moderate, CVSS 3.3 (CVE-2025-64787)

Two critical vulnerabilities (CVE-2025-64785 and CVE-2025-64899) arise from issues in the PDF processing engine, including insecure search paths and improper memory handling. These flaws pose a significant threat to users.

The two moderate-severity issues stem from the improper validation of cryptographic signatures, potentially allowing attackers to bypass certain security restrictions.

Affected Products and Versions

The vulnerabilities impact the following Acrobat/Reader product families, with risks present across all active versions:

  • Acrobat DC (Continuous) — 25.001.20982 and earlier (Windows & macOS)
  • Acrobat Reader DC (Continuous) — 25.001.20982 and earlier (Windows & macOS)
  • Acrobat 2024 (Classic 2024)
    • Windows: 24.001.30264 and earlier
    • macOS: 24.001.30273 and earlier
  • Acrobat 2020 (Classic 2020)
    • Windows: 20.005.30793 and earlier
    • macOS: 20.005.30803 and earlier
  • Acrobat Reader 2020 (Classic 2020) — corresponding Windows/macOS versions

Updated versions released by Adobe:

  • Acrobat/Reader DC — 25.001.20997
  • Acrobat 2024 — 24.001.30307 (Windows), 24.001.30308 (macOS)
  • Acrobat 2020 — 20.005.30838 (Windows & macOS)

How the Vulnerabilities Can Be Exploited

  • Critical vulnerabilities may allow attackers to execute malicious code on the victim’s system simply by getting them to open a specially crafted PDF file. This can lead to:
    • full system compromise
    • data theft
    • remote control of the computer
  • Moderate vulnerabilities could allow attackers to bypass security layers inside the application—such as disguising a malicious file as a trusted one.

Adobe states that no “in-the-wild” exploitation has been observed so far, but due to the potential for automated or long-term attacks, immediate patching is strongly advised.

Practical Recommendations

For Regular Users

  • Update today. Install the latest Acrobat/Reader updates via Help → Check for Updates or by enabling automatic updates.
  • Avoid suspicious PDFs. Do not open files from unverified sources.
  • Update antivirus/EDR. Ensure your security tools have the latest signatures.

For IT Administrators (Enterprise Environments)

  • Deploy updates systematically. Use AIP-GPO, SCCM, bootstrapper, or other enterprise patch-management systems to push updates across all endpoints.
  • Prioritize critical systems. Update internet-facing workstations and systems that frequently receive external documents first.
  • Enhance monitoring. Add SIEM/EDR rules to detect unusual PDF-triggered processes.
  • Enforce stricter policies. Disable unnecessary scripts/macros inside PDFs and consider sandboxing risky processes.
  • Warn employees. Send internal notifications about phishing attempts involving unexpected or suspicious PDF attachments.

Why This Matters Now

PDF is one of the most widely used document formats in government agencies, corporations, and daily office workflows.
Because of this widespread usage, vulnerabilities in the PDF engine can affect large numbers of organizations very quickly.

The two critical vulnerabilities enabling remote code execution make rapid patching an urgent security priority.

Adobe APSB25-119 is a serious alert: multiple vulnerabilities in Acrobat and Reader could allow attackers to gain system access or bypass security controls. Adobe urges all users and IT administrators to apply the security patches immediately.