High severity7.8NVD Advisory· Published Dec 9, 2025· Updated Apr 28, 2026

CVE-2025-64785

Description

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that the user needs to open a malicious file.

Affected products

Adobe Inc./Acrobat
cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
Range: >=20.001.3005,<20.005.30838
Adobe Inc./Acrobat Dc
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Range: <25.001.20997
Adobe Inc./Acrobat Reader
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
Range: >=20.001.3005,<20.005.30838
Adobe Inc./Acrobat Reader Dc
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Range: <25.001.20997

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/acrobat/apsb25-119.htmlnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000