CVE-2025-27160
Published: 11 March 2025
Summary
CVE-2025-27160 is a high-severity Use After Free (CWE-416) vulnerability in Adobe Acrobat. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely remediation of the Use After Free vulnerability through patching affected Adobe Acrobat Reader versions.
Implements memory protection mechanisms like ASLR and DEP that mitigate exploitation of the Use After Free vulnerability.
Deploys malicious code protection tools to scan and block malicious PDF files targeting the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in Adobe Acrobat Reader allows arbitrary code execution when user opens malicious PDF file, directly enabling client-side exploitation (T1203) and user execution of malicious file (T1204.002).
NVD Description
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…
more
victim must open a malicious file.
Deeper analysisAI
CVE-2025-27160 is a Use After Free vulnerability (CWE-416) affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. Published on 2025-03-11, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and can result in arbitrary code execution in the context of the current user.
The vulnerability can be exploited by an attacker who tricks a victim into opening a malicious file locally, such as a specially crafted PDF. No special privileges are required (PR:N), and the attack has low complexity (AC:L), but it demands user interaction (UI:R). Successful exploitation allows the attacker to execute arbitrary code with the victim's user privileges, potentially leading to high confidentiality, integrity, and availability impacts without changing scope.
Adobe Security Bulletin APSB25-14, available at https://helpx.adobe.com/security/products/acrobat/apsb25-14.html, provides details on the issue and recommended mitigations, including patches for affected versions.
Details
- CWE(s)