Description
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that the user needs to open a malicious file.
Published: 2025-12-09
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and all earlier releases are vulnerable to an untrusted search path flaw (CWE-426). If the search path the application uses to locate critical resources such as programs can be altered, the application may load a malicious program in place of the legitimate one. When a user opens a crafted file, the planted program runs with that user's privileges, so arbitrary code executes within the victim's user context and the attacker gains control of the client machine at that privilege level.

Affected Systems

Affected systems include Adobe Acrobat Reader on both Windows and macOS. The vulnerable products span both distribution tracks: Adobe Acrobat and Adobe Acrobat Reader on the Classic track, and Adobe Acrobat DC and Adobe Acrobat Reader DC on the Continuous track. All listed versions and any earlier releases that remain unpatched are susceptible.

Risk and Exploitability

The CVSS base score of 7.8 indicates a high-severity vulnerability, while the EPSS score of < 1% reflects a low current exploitation probability. The flaw is not listed in CISA's KEV catalog. Exploitation requires user interaction: an attacker must convince the user to open a malicious file, often via phishing or social engineering, after which the manipulated search path leads the application to execute the attacker's program. The principal risk is that an unsuspecting user who opens a crafted PDF or similar document hands the attacker code execution, and with it control of the client machine, at that user's privilege level.

Generated by OpenCVE AI on May 2, 2026 at 08:19 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Acrobat Reader to the latest version that includes the untrusted search path fix.
  • Restrict the operating system's environment so that only trusted directories appear ahead of other locations in the search path, and prevent users from modifying the PATH variable that Acrobat inherits.
  • Educate users to avoid opening Acrobat files from unknown or unverified sources and to verify a file’s provenance before launching it.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 03:00:00 +0000

Type: Description
Values Removed: Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.
Values Added: Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that the user needs to open a malicious file.

Wed, 07 Jan 2026 17:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 12 Dec 2025 19:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Adobe acrobat; Adobe acrobat Dc; Adobe acrobat Reader Dc; Apple; Apple macos; Microsoft; Microsoft windows

Type: CPEs
Values Removed: (none)
Values Added:
  • cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
  • cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
  • cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Adobe acrobat; Adobe acrobat Dc; Adobe acrobat Reader Dc; Apple; Apple macos; Microsoft; Microsoft windows

Wed, 10 Dec 2025 18:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Adobe; Adobe acrobat Reader

Type: Vendors & Products
Values Removed: (none)
Values Added: Adobe; Adobe acrobat Reader

Tue, 09 Dec 2025 20:30:00 +0000

Type: Description
Values Removed: (none)
Values Added: Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.

Type: Title
Values Removed: (none)
Values Added: Acrobat Reader | Untrusted Search Path (CWE-426)

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-426

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics (cvssV3_1)
Values Removed: (none)
Values Added: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-04-28T02:23:21.663Z

Reserved: 2025-11-11T22:48:38.823Z

Link: CVE-2025-64785

Vulnrichment

Updated: 2026-01-07T17:04:48.688Z

NVD

Status : Analyzed

Published: 2025-12-09T21:15:58.940

Modified: 2026-04-28T15:39:46.100

Link: CVE-2025-64785

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:30:26Z

Weaknesses