Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 01 Oct 2025 21:45:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Exploitation of this issue does not require user interaction, and scope is unchanged. Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.

Mon, 15 Sep 2025 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe acrobat
Adobe acrobat Dc
Adobe acrobat Reader Dc
Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Adobe acrobat
Adobe acrobat Dc
Adobe acrobat Reader Dc
Apple
Apple macos
Microsoft
Microsoft windows

Thu, 11 Sep 2025 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe acrobat Reader
Vendors & Products Adobe
Adobe acrobat Reader

Tue, 09 Sep 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Exploitation of this issue does not require user interaction. Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Exploitation of this issue does not require user interaction, and scope is unchanged.

Tue, 09 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Exploitation of this issue does not require user interaction.
Title Acrobat Reader | Violation of Secure Design Principles (CWE-657)
Weaknesses CWE-657
References
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2025-10-01T21:37:47.035Z

Reserved: 2025-07-17T21:15:02.455Z

Link: CVE-2025-54255

cve-icon Vulnrichment

Updated: 2025-09-09T20:17:11.967Z

cve-icon NVD

Status : Modified

Published: 2025-09-09T20:15:44.357

Modified: 2025-10-01T22:15:31.193

Link: CVE-2025-54255

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-11T10:42:57Z