CVE-2025-64787

CWE-3474 documents4 sources

Severity

4.0MEDIUM

EPSS

0.0%

top 91.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader +1 more

Timeline

PublishedDec 9

Description

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages5 packages

▶NVDadobe/acrobat_reader20.001.3005 — 20.005.30838

▶NVDadobe/acrobat_reader_dc< 25.001.20997

▶CVEListV5adobe/acrobat_reader20.005.30803

▶NVDadobe/acrobat20.001.3005 — 20.005.30838+2

▶NVDadobe/acrobat_dc< 25.001.20997

🔴Vulnerability Details

GHSA

GHSA-636h-73hj-chgr: Acrobat Reader versions 24↗2025-12-09

▶

CVEList

Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347)↗2025-12-09

▶

🕵️Threat Intelligence

Wiz

CVE-2025-64787 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶