CVE-2025-27174
Published: 11 March 2025
Summary
CVE-2025-27174 is a high-severity Use After Free (CWE-416) vulnerability in Adobe Acrobat. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the Use After Free vulnerability by requiring timely identification, reporting, and patching of affected Acrobat Reader versions as per Adobe bulletin APSB25-14.
Provides memory protection mechanisms like ASLR and DEP that mitigate exploitation of the Use After Free flaw by hindering arbitrary code execution.
Enables vulnerability scanning to identify systems running vulnerable Acrobat Reader versions, facilitating remediation before exploitation via malicious PDFs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in PDF processing enables arbitrary code execution upon opening a malicious file in Acrobat Reader, directly mapping to client-side exploitation and user execution of malicious files.
NVD Description
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…
more
victim must open a malicious file.
Deeper analysisAI
CVE-2025-27174 is a Use After Free (CWE-416) vulnerability affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. This flaw occurs during file processing and can lead to arbitrary code execution in the context of the current user. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact with low attack complexity but requiring local access and user interaction.
Exploitation requires an attacker to deliver a malicious PDF file to a victim, who must then open it in a vulnerable version of Acrobat Reader. No special privileges are needed (PR:N), making it accessible to any local attacker with the ability to entice user interaction, such as through phishing or social engineering. Successful exploitation allows arbitrary code execution, potentially granting the attacker high confidentiality, integrity, and availability impacts within the user's session.
Adobe Security Bulletin APSB25-14, available at https://helpx.adobe.com/security/products/acrobat/apsb25-14.html, details patches for affected versions and recommends updating to the latest release to mitigate the issue.
Details
- CWE(s)