CVE-2025-27158
Published: 11 March 2025
Summary
CVE-2025-27158 is a high-severity Access of Uninitialized Pointer (CWE-824) vulnerability in Adobe Acrobat. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 41.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates identification, reporting, and timely remediation of flaws like the uninitialized pointer vulnerability in Adobe Acrobat Reader versions affected by CVE-2025-27158 to prevent arbitrary code execution.
Provides memory protections such as DEP and ASLR that mitigate unauthorized code execution from exploitation of the uninitialized pointer dereference in vulnerable Acrobat Reader.
Requires vulnerability scanning to identify systems running vulnerable Adobe Acrobat Reader versions affected by CVE-2025-27158, enabling proactive remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a memory corruption flaw in Adobe Acrobat Reader that enables arbitrary code execution when a user opens a malicious file (e.g., PDF), directly mapping to Exploitation for Client Execution (T1203) and User Execution via Malicious File (T1204.002).
NVD Description
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that…
more
a victim must open a malicious file.
Deeper analysisAI
CVE-2025-27158 is an Access of Uninitialized Pointer vulnerability (CWE-824) affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. The flaw enables arbitrary code execution in the context of the current user. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and was published on 2025-03-11.
Exploitation requires user interaction, as a victim must open a malicious file processed by the affected Acrobat Reader. An attacker with no privileges can deliver such a file through common vectors like email attachments or downloads, tricking the user into opening it to trigger the vulnerability and achieve arbitrary code execution under the current user's context.
Adobe Security Bulletin APSB25-14 and Talos Intelligence report TALOS-2025-2135 detail the issue and mitigation steps, including available patches for Acrobat Reader.
Details
- CWE(s)