Acrobat Reader | Untrusted Search Path (CWE-426)_CVE-2025-64785

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.

Basic Information

ID CVE-2025-64785

Source adobe

Published Dec 9, 2025 at 20:21

Affected Product

Vendor Adobe

Product Acrobat Reader

Affected Versions Adobe Acrobat Reader 0

CWE Classification

CWE-426

References

helpx.adobe.com /security/products/acrobat/apsb25-119.html

{
    "lastseen": "",
    "description": "Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.",
    "published": "2025-12-09T20:21:05.355Z",
    "modified": "2025-12-09T20:21:05.355Z",
    "type": "cve",
    "title": "Acrobat Reader | Untrusted Search Path (CWE-426)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/acrobat/apsb25-119.html",
    "id": "CVE-2025-64785",
    "bulletinFamily": "",
    "cwe": [
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "Adobe Acrobat Reader 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Acrobat Reader",
    "version": "0",
    "vendor": "Adobe",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}