Untrusted Search Path Vulnerability in Adobe Acrobat Reader
CVE-2025-64785

7.8HIGH

Key Information:

Vendor: Adobe
Status: Acrobat Reader
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-64785?

Adobe Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, and 20.005.30803 and earlier are susceptible to an untrusted search path vulnerability. This security flaw could permit attackers to execute arbitrary code in the context of the current user due to improper validation of search paths used to locate critical resources. By manipulating these paths, an attacker can cause the application to run a malicious program without requiring any user interaction, significantly increasing the risk of exploitation.

Affected Version(s)

Acrobat Reader 0 <= 20.005.30803

References

https://helpx.adobe.com/security/products/acrobat/apsb25-...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Nov 11, 2025

JSON