CVE-2025-54255
Acrobat Reader | Violation of Secure Design Principles (CWE-657)
In short
Acrobat Reader has a flaw that allows a security feature meant to protect document integrity to be bypassed without authentication and without any user interaction. This could let someone modify or tamper with PDF documents in ways they shouldn't be able to.
Technical detail
A Violation of Secure Design Principles (CWE-657) in Acrobat Reader allows unauthenticated bypass of an integrity protection mechanism. The vulnerability requires no user interaction. Per the CVSS vector below, the attack vector is local (AV:L), the impact is limited to integrity (I:L), and confidentiality and availability are not affected (C:N, A:N).
Summary generated and translated by AI from the official description.
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
Adobe · Acrobat Reader