CVE-2025-64785

Acrobat Reader | Untrusted Search Path (CWE-426)

CVSS 7.8 HIGHEPSS 0.4%CWE-426

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

09 Dec 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that the user needs to open a malicious file.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Adobe · Acrobat Reader

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://helpx.adobe.com/security/products/acrobat/apsb25-119.html