Impact
Adobe Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier contain a use-after-free flaw in the PDF processing engine. The engine keeps using a pointer to an object after that object's memory has been freed. An attacker who can place a controlled allocation into the freed region (typically by having the crafted PDF allocate objects of the same size class) replaces the dead object's fields with chosen data, so the next use of the dangling reference operates on attacker-controlled memory and can be turned into arbitrary code execution. The bug is triggered when a victim opens a specially crafted PDF file; the resulting code runs with the privileges of the user who opened the file.
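The following C program is an added illustration of the use-after-free pattern described above; it is constructed for this page and is not Acrobat Reader code, and the `annotation`/`document` structures, the handler field and the toy allocator are assumptions chosen to make the mechanism visible. A tiny LIFO free-list allocator over a static arena stands in for the real heap so that chunk reuse is deterministic and the stale read is a defined operation on memory the program still owns. The vulnerable path frees the annotation but leaves the document's pointer dangling; a same-size allocation reclaims the chunk and fills it with attacker bytes, which the later dispatch then reads as its handler. The hardened path clears the reference at release time and refuses the stale use.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stddef.h>

/*
 * Constructed example, not Acrobat Reader code.
 * Toy fixed-size allocator: every allocation is one CHUNK_SIZE-byte slot
 * in a static arena, and the free list is LIFO, so the chunk freed most
 * recently is the one handed out next. That is the property a real UAF
 * exploit relies on when it grooms the heap.
 */
#define CHUNK_SIZE 32
#define NCHUNKS    8
#define WORDS      (CHUNK_SIZE / 4)

static uint32_t arena[NCHUNKS][WORDS];   /* uint32_t storage keeps slots 4-byte aligned */
static int free_list[NCHUNKS];
static int free_top = -1;

static void arena_init(void) {
    free_top = -1;
    for (int i = NCHUNKS - 1; i >= 0; i--) free_list[++free_top] = i;  /* chunk 0 ends on top */
    memset(arena, 0, sizeof arena);
}

static void *arena_alloc(void) {
    if (free_top < 0) return NULL;
    return arena[free_list[free_top--]];
}

static void arena_free(void *p) {
    int idx = (int)(((uint32_t *)p - &arena[0][0]) / WORDS);
    free_list[++free_top] = idx;          /* next same-size allocation gets this chunk */
}

/* Assumed page-side object: the engine dispatches on handler_id (a vtable or
   function pointer in a real engine). Layout is exactly one chunk. */
struct annotation {
    uint32_t handler_id;
    uint32_t flags;
    char     name[CHUNK_SIZE - 8];
};

struct document {
    struct annotation *annot;             /* reference kept by the owning document */
};

#define LEGIT_HANDLER 1u

/* Vulnerable flow: returns the handler id the engine would dispatch on
   after the annotation has been freed and its chunk reclaimed. */
uint32_t vulnerable_dispatch(void) {
    arena_init();
    struct document doc;
    doc.annot = arena_alloc();
    doc.annot->handler_id = LEGIT_HANDLER;
    doc.annot->flags = 0;
    strcpy(doc.annot->name, "link");

    arena_free(doc.annot);                /* object destroyed (e.g. removed by script) */
                                          /* BUG: doc.annot still points at the freed chunk */

    /* Attacker-influenced allocation of the same size class reclaims the
       chunk and fills it with controlled bytes (heap spray in a real exploit). */
    unsigned char *spray = arena_alloc();
    memset(spray, 0x41, CHUNK_SIZE);

    return doc.annot->handler_id;         /* stale use: reads 0x41414141, attacker data */
}

/* Hardened flow: the reference is cleared when the object dies and checked
   before use. Returns 0 and stores the handler, or -1 if the use was refused. */
static void annotation_release(struct document *d) {
    arena_free(d->annot);
    d->annot = NULL;                      /* no dangling pointer survives the free */
}

int hardened_dispatch(uint32_t *out) {
    arena_init();
    struct document doc;
    doc.annot = arena_alloc();
    doc.annot->handler_id = LEGIT_HANDLER;
    doc.annot->flags = 0;
    strcpy(doc.annot->name, "link");

    annotation_release(&doc);

    unsigned char *spray = arena_alloc();
    memset(spray, 0x41, CHUNK_SIZE);      /* same groom, but nothing references the chunk */

    if (doc.annot == NULL) return -1;     /* stale use refused */
    if (out) *out = doc.annot->handler_id;
    return 0;
}

int main(void) {
    uint32_t h = 0;
    printf("vulnerable: dispatching on handler 0x%08x\n", vulnerable_dispatch());
    printf("hardened:   rc = %d\n", hardened_dispatch(&h));
    return 0;
}
```

Clearing the owning reference is only half of the real fix; in an engine with many aliases to the same object the usual remedies are reference counting or a quarantine that delays reuse of freed chunks, both of which remove the deterministic reclamation the vulnerable path depends on.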
Affected Systems
The affected product is Adobe Acrobat Reader, both the classic track and the DC continuous track, on Windows and macOS. Known affected versions are 24.001.30307, 24.001.30308, 25.001.21265 and any earlier release of Acrobat Reader. Because the two tracks use different version numbering, compare the installed build against the fixed version listed for its own track in the vendor's security bulletin rather than against a single threshold.
Risk and Exploitability
The CVSS base score of 7.8 is rated High. The EPSS score is below 1 %, meaning the estimated probability of exploitation in the wild is currently low, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires the victim to open a malicious PDF file, so the attack vector is local with user interaction required: there is no network-facing entry point, but an adversary can still deliver the file remotely through phishing, a shared drive or a compromised download. The payload runs with the current user's privileges; it can read and modify the user's data and establish persistence in the user context, but it does not by itself grant elevated privileges, and a full system compromise would require chaining it with a separate privilege-escalation flaw.
OpenCVE Enrichment