March 24, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks
March 12, 2025Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks
March 12, 2025Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks
March 12, 2025Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks
March 12, 2025
Severity
Medium
Analysis Summary
CVE-2025-24431 CVSS:5.5
Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27158 CVSS:7.8
Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27161 CVSS:7.8
Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27164 CVSS:5.5
Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27174 CVSS:7.8
Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27162 CVSS:7.8
Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27160 CVSS:7.8
Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27159 CVSS:7.8
Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27163 CVSS:5.5
Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27169 CVSS:7.8
Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27167 CVSS:7.8
Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
CVE-2025-27170 CVSS:5.5
Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27168 CVSS:7.8
Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-24449 CVSS:5.5
Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-24448 CVSS:5.5
Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21169 CVSS:7.8
Adobe Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Impact
- Denial of Service
- Gain Access
- Buffer Overflow
- Code Execution
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-24431
CVE-2025-27158
CVE-2025-27161
CVE-2025-27164
CVE-2025-27174
CVE-2025-27162
CVE-2025-27160
CVE-2025-27159
CVE-2025-27163
CVE-2025-27169
CVE-2025-27167
CVE-2025-27170
CVE-2025-27168
CVE-2025-24449
CVE-2025-24448
CVE-2025-21169
Affected Vendors
Adobe
Affected Products
- Adobe Acrobat Reader 24.001.30225
- Adobe Acrobat Reader 20.005.30748
- Adobe Acrobat Reader 25.001.20428
- Adobe Illustrator 29.2.1
- Adobe Illustrator 28.7.4
- Adobe Substance3D - Designer 14.1
Remediation
Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.