Cyber Posture

CVE-2025-27159

High

Published: 11 March 2025

Published
11 March 2025
Modified
28 April 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0010 27.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27159 is a high-severity Use After Free (CWE-416) vulnerability in Adobe Acrobat. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the Use After Free vulnerability by requiring timely patching of affected Adobe Acrobat Reader versions to prevent arbitrary code execution.

SI-16 Memory Protection good match
prevent

Implements memory protections such as DEP and ASLR that defend against Use After Free exploits leading to code execution even if unpatched.

SI-3 Malicious Code Protection partial match
preventdetect

Deploys malicious code protection mechanisms like antivirus scanners to detect and block specially crafted malicious PDF files before or during processing.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

The Use After Free vulnerability enables arbitrary code execution when a victim opens a specially crafted malicious file, directly mapping to T1204.002 Malicious File under User Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…

more

victim must open a malicious file.

Deeper analysisAI

CVE-2025-27159 is a Use After Free vulnerability (CWE-416) affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. Published on 2025-03-11, it could result in arbitrary code execution in the context of the current user.

Exploitation requires user interaction, as a victim must open a malicious file. The CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a local attack vector with low attack complexity, no privileges required, and user interaction needed, leading to high impacts on confidentiality, integrity, and availability with unchanged scope. Attackers who can deliver a specially crafted file to a target user could achieve remote code execution upon file opening.

Adobe's security bulletin APSB25-14, available at https://helpx.adobe.com/security/products/acrobat/apsb25-14.html, details mitigation steps and patches for affected versions.

Details

CWE(s)
CWE-416

Affected Products

adobe
acrobat
20.001.30002 — 20.005.30763 · 24.0.0 — 24.001.30235
adobe
acrobat dc
15.008.20082 — 25.001.20432
adobe
acrobat reader
20.001.30002 — 20.005.30763
adobe
acrobat reader dc
15.008.20082 — 25.001.20432

CVEs Like This One

CVE-2025-27174Same product: Adobe Acrobat
CVE-2025-27160Same product: Adobe Acrobat
CVE-2026-27278Same product: Adobe Acrobat
CVE-2026-27220Same product: Adobe Acrobat
CVE-2025-27161Same product: Adobe Acrobat
CVE-2025-27158Same product: Adobe Acrobat
CVE-2025-27162Same product: Adobe Acrobat
CVE-2026-34622Same product: Adobe Acrobat
CVE-2026-34621Same product: Adobe Acrobat
CVE-2025-21159Same product: Apple Macos

References