Essential safety updates for Acrobat and Reader can be found, addressing a number of vulnerabilities that might permit attackers to execute arbitrary code and bypass important security measures.
Adobe issued safety bulletin APSB25-119 on December 9, 2025, with a precedence score of three, affecting each Home windows and macOS platforms. The vulnerabilities stem from a number of weaknesses within the PDF processing engine.
VulnerabilityCategoryImpactSeverityCVSS ScoreCVEUntrusted Search PathCWE-426Arbitrary code executionCritical7.8CVE-2025-64785Out-of-bounds ReadCWE-125Arbitrary code executionCritical7.8CVE-2025-64899Improper Verification of Cryptographic SignatureCWE-347Security function bypassModerate3.3CVE-2025-64786Improper Verification of Cryptographic SignatureCWE-347Security function bypassModerate3.3CVE-2025-64787
How Attackers Might Exploit the Flaws
Two vital flaws allow arbitrary code execution by means of untrusted search path vulnerabilities and out-of-bounds learn errors. These points carry a CVSS base rating of seven.8, indicating extreme danger to customers.
Two extra reasonable vulnerabilities associated to improper verification of cryptographic signatures might permit attackers to bypass security measures, every with a CVSS rating of three.3.
The affected merchandise embody Acrobat DC, Acrobat Reader DC, Acrobat 2024, Acrobat 2020, and Acrobat Reader 2020 throughout all present variations.
ProductTrackAffected VersionsPlatformAcrobat DCContinuous25.001.20982 and earlierWindows & macOSAcrobat Reader DCContinuous25.001.20982 and earlierWindows & macOSAcrobat 2024Classic 2024Win – 24.001.30264 and earlier; Mac – 24.001.30273 and earlierWindows & macOSAcrobat 2020Classic 2020Win – 20.005.30793 and earlier; Mac – 20.005.30803 and earlierWindows & macOSAcrobat Reader 2020Classic 2020Win – 20.005.30793 and earlier; Mac – 20.005.30803 and earlierWindows & macOS
Adobe recommends putting in the most recent variations instantly. Customers can replace manually by means of Assist > Verify for Updates, or permit computerized updates to put in safety patches with out intervention.
The up to date variations embody Acrobat DC and Reader DC 25.001.20997, Acrobat 2024 variations 24.001.30307 (Home windows) and 24.001.30308 (macOS), and Acrobat 2020 variations 20.005.30838 throughout each platforms.
IT directors ought to deploy updates utilizing their most well-liked technique, resembling AIP-GPO, bootstrapper, or SCCM, for Home windows environments.
At present, Adobe studies no recognized exploits focusing on these vulnerabilities within the wild. Nonetheless, the vital nature of the failings and their potential for distant execution make immediate patching important.
Organizations ought to prioritize updating all affected Acrobat installations to stop potential compromise.
Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.
