CVE-2025-24431

CWE-125Out-of-bounds Read3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 70.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe AcrobatAdobe Acrobat DCAdobe Acrobat Reader+1 more
Timeline
PublishedMar 11

Description

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDadobe/acrobat_reader20.001.3000220.005.30763
NVDadobe/acrobat_reader_dc15.008.2008225.001.20432
CVEListV5adobe/acrobat_reader25.001.20428
NVDadobe/acrobat20.001.3000220.005.30763+1
NVDadobe/acrobat_dc15.008.2008225.001.20432

🔴Vulnerability Details

2
CVEList
Acrobat Reader | Out-of-bounds Read (CWE-125)2025-03-11
GHSA
GHSA-gghm-r42p-98f9: Acrobat Reader versions 242025-03-11
CVE-2025-24431 (MEDIUM CVSS 5.5) | Acrobat Reader versions 24.001.3022 | cvebase.io