Description
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.
Published: 2025-12-09
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier contain an improper verification of cryptographic signature flaw (CWE‑347). The flaw allows a signed document to be tampered with, bypassing Adobe’s integrity checks. An attacker who convinces a user to open a maliciously signed PDF can gain limited unauthorized write access, potentially altering configuration files or inserting malware.

Affected Systems

The vulnerability impacts Adobe Acrobat Reader and its related products, including Acrobat, Acrobat DC, Reader classic and Reader DC on both macOS and Windows. The affected versions are 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and any earlier releases.

Risk and Exploitability

The CVSS score of 3.3 classifies the issue as low severity, while the EPSS score of less than 1% reflects a very low likelihood of exploitation. The attack requires user interaction with a signed document, making social engineering or targeted delivery of a malicious PDF necessary. The vulnerability is not in the CISA KEV catalog, so no widespread active exploitation has been reported, but the possibility of gaining write privileges warrants prompt remediation for high‑value environments.

Generated by OpenCVE AI on May 2, 2026 at 08:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe Acrobat Reader to the latest released version that contains the signature verification fix
  • Disable automatic opening of signed documents or restrict the acceptance of digital signatures to trusted sources until a patch is applied
  • Verify any signed documents are obtained from verified suppliers and treat unfamiliar signatures as suspicious

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 03:00:00 +0000

Type: Description
Values Removed: Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue does not require user interaction.
Values Added: Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.

Fri, 12 Dec 2025 19:45:00 +0000

Type: First Time appeared
Values Added:
  • Adobe acrobat
  • Adobe acrobat Dc
  • Adobe acrobat Reader Dc
  • Apple
  • Apple macos
  • Microsoft
  • Microsoft windows

Type: CPEs
Values Added:
  • cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
  • cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
  • cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added:
  • Adobe acrobat
  • Adobe acrobat Dc
  • Adobe acrobat Reader Dc
  • Apple
  • Apple macos
  • Microsoft
  • Microsoft windows

Fri, 12 Dec 2025 17:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 10 Dec 2025 18:00:00 +0000

Type: First Time appeared
Values Added:
  • Adobe
  • Adobe acrobat Reader

Type: Vendors & Products
Values Added:
  • Adobe
  • Adobe acrobat Reader

Tue, 09 Dec 2025 20:30:00 +0000

Type: Description
Values Added: Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue does not require user interaction.

Type: Title
Values Added: Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347)

Type: Weaknesses
Values Added: CWE-347

Type: References

Type: Metrics
Values Added: cvssV3_1
{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-04-28T02:23:32.316Z

Reserved: 2025-11-11T22:48:38.823Z

Link: CVE-2025-64786

Vulnrichment

Updated: 2025-12-12T17:10:28.489Z

NVD

Status: Analyzed

Published: 2025-12-09T21:15:59.133

Modified: 2026-04-28T15:39:49.807

Link: CVE-2025-64786

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:30:26Z

Weaknesses