Request a Demo
Rewterz
Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks
March 12, 2025
Rewterz
Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks
March 12, 2025

Multiple Adobe Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-24431 CVSS:5.5

Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27158 CVSS:7.8

Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27161 CVSS:7.8

Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27164 CVSS:5.5

Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27174 CVSS:7.8

Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27162 CVSS:7.8

Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27160 CVSS:7.8

Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27159 CVSS:7.8

Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27163 CVSS:5.5

Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27169 CVSS:7.8

Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27167 CVSS:7.8

Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.

CVE-2025-27170 CVSS:5.5

Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27168 CVSS:7.8

Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-24449 CVSS:5.5

Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-24448 CVSS:5.5

Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-21169 CVSS:7.8

Adobe Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Impact

  • Denial of Service
  • Gain Access
  • Buffer Overflow
  • Code Execution
  • Security Bypass
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-24431

  • CVE-2025-27158

  • CVE-2025-27161

  • CVE-2025-27164

  • CVE-2025-27174

  • CVE-2025-27162

  • CVE-2025-27160

  • CVE-2025-27159

  • CVE-2025-27163

  • CVE-2025-27169

  • CVE-2025-27167

  • CVE-2025-27170

  • CVE-2025-27168

  • CVE-2025-24449

  • CVE-2025-24448

  • CVE-2025-21169

Affected Vendors

Adobe

Affected Products

  • Adobe Acrobat Reader 24.001.30225
  • Adobe Acrobat Reader 20.005.30748
  • Adobe Acrobat Reader 25.001.20428
  • Adobe Illustrator 29.2.1
  • Adobe Illustrator 28.7.4
  • Adobe Substance3D - Designer 14.1

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

Adobe Acrobat Reader

Adobe Illustrator

Adobe Substance3D - Designer