Description
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.
Published: 2025-12-09
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acrobat Reader versions 20.005.30793, 20.005.30803, 24.001.30264, 24.001.30273, 25.001.20982 and earlier contain an improper verification of cryptographic signatures that can be abused to bypass signature checks. The flaw allows an attacker to trick users into accepting a forged signature and, as a result, grants the attacker limited ability to write files on the user’s machine. This vulnerability is classified as CWE‑347, reflecting the failure to properly validate a digital signature before trusting its contents.

Affected Systems

The affected product is Adobe Acrobat Reader, including both classic and continuous (DC) editions. Versions 20.005.30793 through 25.001.20982 and earlier are vulnerable on macOS and Windows platforms, as identified by the relevant Common Platform Enumeration entries.

Risk and Exploitability

The CVSS score of 3.3 indicates low severity, and the EPSS score of less than 1% reflects a very low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the user to interact with a signed PDF, typically by opening it, meaning the attack is user‑initiated and local. While the flaw does not provide remote code execution, it can be leveraged to achieve unauthorized write access, which could be used to drop or modify files within a user’s writable environment.

Generated by OpenCVE AI on May 1, 2026 at 06:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Acrobat Reader to the latest version that includes the cryptographic signature verification fix.
  • Run Adobe Acrobat Reader with the principle of least privilege and avoid writing to system‑protected directories.
  • Disable automatic opening of signed PDFs and require explicit user confirmation before executing any embedded content.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 03:00:00 +0000

Type: Description
Values Removed: Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue does not require user interaction.
Values Added: Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.

Fri, 12 Dec 2025 19:00:00 +0000

Type: First Time appeared
Values Added:
  • Adobe acrobat
  • Adobe acrobat Dc
  • Adobe acrobat Reader Dc
  • Apple
  • Apple macos
  • Microsoft
  • Microsoft windows

Type: CPEs
Values Added:
  • cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
  • cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
  • cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added:
  • Adobe acrobat
  • Adobe acrobat Dc
  • Adobe acrobat Reader Dc
  • Apple
  • Apple macos
  • Microsoft
  • Microsoft windows

Fri, 12 Dec 2025 17:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 10 Dec 2025 18:00:00 +0000

Type: First Time appeared
Values Added:
  • Adobe
  • Adobe acrobat Reader

Type: Vendors & Products
Values Added:
  • Adobe
  • Adobe acrobat Reader

Tue, 09 Dec 2025 20:30:00 +0000

Type: Description
Values Added: Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue does not require user interaction.

Type: Title
Values Added: Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347)

Type: Weaknesses
Values Added: CWE-347

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-04-28T02:23:40.010Z

Reserved: 2025-11-11T22:48:38.824Z

Link: CVE-2025-64787

Vulnrichment

Updated: 2025-12-12T17:11:00.428Z

NVD

Status: Analyzed

Published: 2025-12-09T21:15:59.337

Modified: 2026-04-28T15:39:55.170

Link: CVE-2025-64787

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T06:15:10Z

Weaknesses