CVE-2025-64787

low-risk

Published 2025-12-09

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue does not require user interaction.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.3/10 Low

LOCAL / LOW complexity

Affected Products (4)

Acrobat

Acrobat Dc

Acrobat Reader

Acrobat Reader Dc

Affected Vendors

Adobe

References (1)

Vendor Advisory https://helpx.adobe.com/security/products/acrobat/apsb25-119.html

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 10/34 · Low