CVE-2025-64785

CWE-4264 documents4 sources

Severity

8.4HIGH

EPSS

0.1%

top 82.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader +1 more

Timeline

PublishedDec 9

Description

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not requ…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDadobe/acrobat_reader20.001.3005 — 20.005.30838

▶NVDadobe/acrobat_reader_dc< 25.001.20997

▶CVEListV5adobe/acrobat_reader20.005.30803

▶NVDadobe/acrobat20.001.3005 — 20.005.30838+2

▶NVDadobe/acrobat_dc< 25.001.20997

🔴Vulnerability Details

GHSA

GHSA-h444-3g5w-w93p: Acrobat Reader versions 24↗2025-12-09

▶

CVEList

Acrobat Reader | Untrusted Search Path (CWE-426)↗2025-12-09

▶

🕵️Threat Intelligence

Wiz

CVE-2025-64785 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶