Cyber Resilience

CVE-2025-27159

High

Published: 11 March 2025

Published
11 March 2025
Modified
28 April 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0010 27.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27159 is a high-severity Use After Free (CWE-416) vulnerability in Adobe Acrobat. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-27159 is a Use After Free vulnerability (CWE-416) affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. Published on 2025-03-11, it could result in arbitrary code execution in the context of the current user.

Exploitation requires user interaction, as a victim must open a malicious file. The CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a local attack vector with low attack complexity, no privileges required, and user interaction needed, leading to high impacts on confidentiality, integrity, and availability with unchanged scope. Attackers who can deliver a specially crafted file to a target user could achieve remote code execution upon file opening.

Adobe's security bulletin APSB25-14, available at https://helpx.adobe.com/security/products/acrobat/apsb25-14.html, details mitigation steps and patches for affected versions.

EU & UK References

Vulnerability details

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…

more

victim must open a malicious file.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The Use After Free vulnerability enables arbitrary code execution when a victim opens a specially crafted malicious file, directly mapping to T1204.002 Malicious File under User Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27160Same product: Adobe Acrobat
CVE-2025-27174Same product: Adobe Acrobat
CVE-2026-27278Same product: Adobe Acrobat
CVE-2026-27220Same product: Adobe Acrobat
CVE-2025-27162Same product: Adobe Acrobat
CVE-2025-27161Same product: Adobe Acrobat
CVE-2025-27158Same product: Adobe Acrobat
CVE-2026-34622Same product: Adobe Acrobat
CVE-2026-34621Same product: Adobe Acrobat
CVE-2026-34638Same product: Apple Macos

Affected Assets

adobe
acrobat
20.001.30002 — 20.005.30763 · 24.0.0 — 24.001.30235
adobe
acrobat dc
15.008.20082 — 25.001.20432
adobe
acrobat reader
20.001.30002 — 20.005.30763
adobe
acrobat reader dc
15.008.20082 — 25.001.20432

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the Use After Free vulnerability by requiring timely patching of affected Adobe Acrobat Reader versions to prevent arbitrary code execution.

prevent

Implements memory protections such as DEP and ASLR that defend against Use After Free exploits leading to code execution even if unpatched.

preventdetect

Deploys malicious code protection mechanisms like antivirus scanners to detect and block specially crafted malicious PDF files before or during processing.

References