Analysis Summary

CVE-2025-271561 CVSS:7.8

Adobe Acrobat and Adobe Reader could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.

CVE-2025-30300 CVSS:5.5

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-30303 CVSS:5.5

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Impact

• Code Execution
• Gain Access

Indicators of Compromise

CVE

• CVE-2025-271561

• CVE-2025-30300

• CVE-2025-30303

Affected Vendors

Affected Products

• Adobe Framemaker - 0
• Adobe Acrobat Reader DC - 25.001.20428
• Adobe Acrobat DC - 25.001.20428
• Adobe Acrobat 2024 - 24.001.30225
• Adobe Acrobat 2020 - 20.005.30748

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-271561

CVE-2025-30300

CVE-2025-30303