CVE-2023-21608

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 18 January 2023
Modified: 23 October 2025
KEV Added: 10 October 2023
Patch: available (Adobe advisory APSB23-01)
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.7747 (99.0th percentile)
Risk Priority: 82 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-21608 is a high-severity Use After Free (CWE-416) vulnerability in Adobe Acrobat DC. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 1.0% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

Adobe Acrobat Reader versions 22.003.20282 and earlier, 22.003.20281 and earlier, and 20.005.30418 and earlier contain a Use After Free vulnerability tracked as CWE-416. The flaw can lead to arbitrary code execution in the context of the current user when triggered.

An attacker can exploit the issue by supplying a malicious file that the victim must open. Exploitation requires no privileges but needs local access and user interaction; a successful exploit yields full control over the affected process, as reflected in the CVSS 7.8 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Adobe's advisory APSB23-01 addresses the issue with updated builds, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities. The associated EPSS score has reached a peak of 0.8547 with a current value of 0.7747, indicating sustained exploitation interest after disclosure.

Vulnerability details

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE(s): CWE-416 (Use After Free)
KEV Date Added: 10 October 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product             Affected version ranges
adobe    acrobat dc          15.008.20082 — 22.003.20282 · 15.008.20082 — 22.003.20281
adobe    acrobat reader dc   15.008.20082 — 22.003.20282 · 15.008.20082 — 22.003.20281
adobe    acrobat             20.001.30005 — 20.005.30418
adobe    acrobat reader      20.001.30005 — 20.005.30418

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation [prevent]: Directly requires applying the vendor patch from APSB23-01 to eliminate the use-after-free code paths in Acrobat Reader before exploitation can occur.

SI-3 Malicious Code Protection [prevent, detect]: Malicious-code protection mechanisms can inspect or sandbox incoming PDFs and block execution of the specially crafted file that triggers the vulnerability.

AC-6 Least Privilege [prevent]: Running Acrobat Reader under least-privilege accounts limits the impact of arbitrary code execution to the privileges of the current user after the malicious file is opened.
