Adobe has released security patches for Acrobat and Reader that address multiple vulnerabilities which could allow attackers to execute arbitrary code and bypass security features.
On December 9, 2025, Adobe released security bulletin APSB25-119 with a priority rating of 3, affecting both Windows and macOS systems. The vulnerabilities arise from several flaws in the PDF processing engine.

| Vulnerability | Category | Impact | Severity | CVSS Score | CVE |
|---|---|---|---|---|---|
| Untrusted Search Path | CWE-426 | Arbitrary code execution | Critical | 7.8 | CVE-2025-64785 |
| Out-of-bounds Read | CWE-125 | Arbitrary code execution | Critical | 7.8 | CVE-2025-64899 |
| Improper Verification of Cryptographic Signature | CWE-347 | Security feature bypass | Moderate | 3.3 | CVE-2025-64786 |
| Improper Verification of Cryptographic Signature | CWE-347 | Security feature bypass | Moderate | 3.3 | CVE-2025-64787 |

How Attackers Could Exploit the Vulnerabilities
Two of the vulnerabilities allow arbitrary code execution: one through an untrusted search path and one through an out-of-bounds read. Both carry a CVSS base score of 7.8, indicating a serious risk to users.
The two moderate vulnerabilities, both caused by improper verification of cryptographic signatures, could enable attackers to bypass security features. Each has a CVSS score of 3.3.
The affected products are Acrobat DC, Acrobat Reader DC, Acrobat 2024, Acrobat 2020, and Acrobat Reader 2020 across all current versions.

| Product | Track | Affected Versions | Platform |
|---|---|---|---|
| Acrobat DC | Continuous | 25.001.20982 and earlier | Windows & macOS |
| Acrobat Reader DC | Continuous | 25.001.20982 and earlier | Windows & macOS |
| Acrobat 2024 | Classic 2024 | Win – 24.001.30264 and earlier; Mac – 24.001.30273 and earlier | Windows & macOS |
| Acrobat 2020 | Classic 2020 | Win – 20.005.30793 and earlier; Mac – 20.005.30803 and earlier | Windows & macOS |
| Acrobat Reader 2020 | Classic 2020 | Win – 20.005.30793 and earlier; Mac – 20.005.30803 and earlier | Windows & macOS |

Adobe recommends that users install the latest versions without delay. Users can update manually through Help > Check for Updates, or enable automatic updates so that security patches are applied as they are released.
The updated versions are Acrobat DC and Reader DC 25.001.20997, Acrobat 2024 versions 24.001.30307 (Windows) and 24.001.30308 (macOS), and Acrobat 2020 version 20.005.30838 for both platforms.
In Windows environments, IT administrators should deploy the updates using their preferred method, such as AIP-GPO, bootstrapper, or SCCM.
Adobe currently reports no known exploits actively targeting these vulnerabilities in the wild. Nonetheless, due to the critical nature of these flaws and their potential for remote execution, timely patching is vital.
Organizations should prioritize updating all affected Acrobat installations to prevent possible compromise.
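
To find installations that still need the update, the affected-version table can be turned into an inventory check. The following is an added example, not Adobe's tooling: the CSV layout, host names and status labels are assumptions, and the version ceilings are the "and earlier" values from the table above.

```python
import csv
import io

# Last affected build per (track, platform), from the affected-versions table.
LAST_AFFECTED = {
    ("continuous", "windows"): "25.001.20982",
    ("continuous", "macos"): "25.001.20982",
    ("classic 2024", "windows"): "24.001.30264",
    ("classic 2024", "macos"): "24.001.30273",
    ("classic 2020", "windows"): "20.005.30793",
    ("classic 2020", "macos"): "20.005.30803",
}

def parse_version(text):
    """Turn 'YY.NNN.BBBBB' into a tuple of ints so builds compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(track, platform, version):
    """Return 'affected', 'outside affected range' or 'unknown' for one install."""
    ceiling = LAST_AFFECTED.get((track.strip().lower(), platform.strip().lower()))
    if ceiling is None:
        return "unknown"  # track/platform not in the bulletin table: review by hand
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # never treat an unreadable version as safe
    return "affected" if installed <= parse_version(ceiling) else "outside affected range"

# Constructed inventory rows (hypothetical hosts), not real data.
SAMPLE_INVENTORY = """host,product,track,platform,version
ws-001,Acrobat Reader DC,Continuous,Windows,25.001.20982
ws-002,Acrobat DC,Continuous,Windows,25.001.20997
mac-003,Acrobat 2024,Classic 2024,macOS,24.001.30273
mac-004,Acrobat 2024,Classic 2024,macOS,24.001.30308
ws-005,Acrobat 2020,Classic 2020,Windows,20.005.30838
ws-006,Acrobat Reader DC,Continuous,Windows,unknown
"""

def audit(inventory_csv):
    """Map each host in the CSV to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["track"], r["platform"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The track is read from the inventory rather than inferred from the version number, because the Classic 2024 ceiling differs between Windows and macOS and the same build can be affected on one platform and not the other.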