

Severity
High
Analysis Summary
Three significant vulnerabilities were recently identified in Adobe Acrobat Reader. They pose serious security risks by enabling attackers to execute arbitrary code or access sensitive information. The most critical, CVE-2025-27158, is a high-severity memory corruption vulnerability (CVSS 8.8) caused by an uninitialized pointer in font handling. Attackers can exploit it using a specially crafted PDF file containing a malicious font, leading to arbitrary code execution. This flaw affects Adobe Acrobat Reader 2024.005.20320 and earlier versions, and successful exploitation could allow attackers to gain unauthorized access to the victim’s system.
Another vulnerability, CVE-2025-27163, is an out-of-bounds read issue affecting the OpenType font parsing functionality, particularly in processing hhea and hmtx tables. This medium-severity vulnerability (CVSS 6.5) allows attackers to extract sensitive data from memory, such as cryptographic keys or passwords, by tricking users into opening a maliciously crafted PDF file. It impacts multiple versions, including Adobe Acrobat Reader 25.001.20428 and earlier. Similarly, CVE-2025-27164, another out-of-bounds read vulnerability (CVSS 6.5), also exploits flaws in OpenType font processing and can leak sensitive memory information. Both vulnerabilities could potentially assist in bypassing Address Space Layout Randomization (ASLR), increasing the risk of further exploitation.
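For triage of fonts pulled out of suspicious PDFs, the following added example (not from the advisory or from Adobe) checks that a font's hhea, hmtx and maxp tables agree with each other as the OpenType specification requires. It is a general structural sanity check, not a detector for the CVEs above, whose root cause the advisory does not describe; it assumes the font has already been extracted as a stand-alone sfnt file, and `build_font` only constructs sample input.

```python
import struct

def sfnt_tables(font: bytes) -> dict:
    """Return {tag: (offset, length)} from the sfnt table directory."""
    if len(font) < 12:
        raise ValueError("truncated sfnt header")
    num_tables = struct.unpack_from(">H", font, 4)[0]
    if len(font) < 12 + 16 * num_tables:
        raise ValueError("truncated table directory")
    recs = (struct.unpack_from(">4sIII", font, 12 + 16 * i) for i in range(num_tables))
    return {tag.decode("latin-1"): (off, length) for tag, _csum, off, length in recs}

def check_hmetrics(font: bytes) -> list:
    """Return findings; an empty list means hhea, hmtx and maxp agree."""
    try:
        tables = sfnt_tables(font)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    for tag in ("hhea", "hmtx", "maxp"):
        if tag not in tables:
            findings.append(f"missing {tag} table")
        elif sum(tables[tag]) > len(font):
            findings.append(f"{tag} extends past end of file")
    if findings:
        return findings
    (hhea_off, hhea_len), (maxp_off, maxp_len) = tables["hhea"], tables["maxp"]
    if hhea_len < 36 or maxp_len < 6:
        return ["hhea or maxp shorter than its fixed header"]
    n_hmetrics = struct.unpack_from(">H", font, hhea_off + 34)[0]  # numberOfHMetrics
    n_glyphs = struct.unpack_from(">H", font, maxp_off + 4)[0]     # numGlyphs
    if n_hmetrics > n_glyphs:
        findings.append(f"numberOfHMetrics {n_hmetrics} > numGlyphs {n_glyphs}")
    # hmtx holds a 4-byte record per hMetric, then a 2-byte bearing per remaining glyph
    needed = 4 * n_hmetrics + 2 * max(n_glyphs - n_hmetrics, 0)
    if tables["hmtx"][1] < needed:
        findings.append(f"hmtx is {tables['hmtx'][1]} bytes, metrics need {needed}")
    return findings

def build_font(n_hmetrics: int, n_glyphs: int, hmtx_len: int) -> bytes:
    """Constructed sample input: a minimal sfnt with only hhea, hmtx and maxp."""
    bodies = [(b"hhea", bytes(34) + struct.pack(">H", n_hmetrics)),
              (b"hmtx", bytes(hmtx_len)),
              (b"maxp", struct.pack(">IH", 0x00005000, n_glyphs))]
    off = 12 + 16 * len(bodies)
    head, data = struct.pack(">IHHHH", 0x00010000, len(bodies), 0, 0, 0), b""
    for tag, body in bodies:
        head += struct.pack(">4sIII", tag, 0, off + len(data), len(body))
        data += body
    return head + data
```

A non-empty result marks a font that a strict parser would reject and is a reason to quarantine the containing PDF for closer inspection.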
Exploitation of these vulnerabilities requires user interaction, meaning attackers must deceive victims into opening malicious PDF files. This threat is especially concerning for businesses that frequently handle PDF documents, as successful exploitation could allow attackers to execute malware, steal confidential information, or escalate privileges within an organization’s network. The vulnerabilities affect both Windows and Mac versions of Adobe Acrobat Reader DC, Acrobat Classic, and Acrobat 2020, making widespread mitigation essential.
To mitigate risks, security experts strongly recommend updating Adobe Acrobat and Reader to the latest patched versions, released on March 11, 2025. Organizations unable to update immediately should implement network monitoring with updated Snort rules to detect exploitation attempts. Given the severity of these vulnerabilities, proactive security measures, including restricting access to untrusted PDFs and applying behavior-based endpoint detection, are crucial to preventing potential cyberattacks.
Impact
- Code Execution
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-27158
CVE-2025-27163
CVE-2025-27164
Affected Vendors
- Adobe
Affected Products
- Adobe Acrobat
Remediation
Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.