Cyber Resilience

CVE-2025-27161

High

Published: 11 March 2025

Published
11 March 2025
Modified
28 April 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0012 29.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27161 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Adobe Acrobat. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 29.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2025-27161 is an out-of-bounds read vulnerability (CWE-125) affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. The issue arises when parsing a crafted file, which could result in a read past the end of an allocated memory structure. Published on 2025-03-11, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

The vulnerability can be exploited by an attacker who tricks a victim into opening a malicious file, requiring local access and user interaction but no special privileges. Successful exploitation allows arbitrary code execution in the context of the current user, potentially leading to full compromise of the victim's system with high impacts on confidentiality, integrity, and availability.

Adobe's security bulletin APSB25-14 provides details on mitigation and available patches: https://helpx.adobe.com/security/products/acrobat/apsb25-14.html.

EU & UK References

Vulnerability details

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability…

more

to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The out-of-bounds read in Adobe Acrobat Reader enables arbitrary code execution upon opening a crafted malicious file, directly mapping to client-side exploitation (T1203) and user execution of a malicious file (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27162Same product: Adobe Acrobat
CVE-2025-27158Same product: Adobe Acrobat
CVE-2025-27160Same product: Adobe Acrobat
CVE-2025-27174Same product: Adobe Acrobat
CVE-2026-27278Same product: Adobe Acrobat
CVE-2026-34622Same product: Adobe Acrobat
CVE-2026-34621Same product: Adobe Acrobat
CVE-2026-27220Same product: Adobe Acrobat
CVE-2026-27287Same product: Apple Macos
CVE-2026-27269Same product: Apple Macos

Affected Assets

adobe
acrobat
20.001.30002 — 20.005.30763 · 24.0.0 — 24.001.30235
adobe
acrobat dc
15.008.20082 — 25.001.20432
adobe
acrobat reader
20.001.30002 — 20.005.30763
adobe
acrobat reader dc
15.008.20082 — 25.001.20432

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely patching of known flaws like this out-of-bounds read vulnerability in vulnerable Acrobat Reader versions.

detect

Enables scanning to identify systems running affected Acrobat Reader versions exposed to this CVE.

prevent

Implements memory protections such as ASLR and DEP to mitigate code execution from the out-of-bounds read exploitation.

References