7.8

CVE-2025-64785

Acrobat Reader | Untrusted Search Path (CWE-426)

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that the user needs to open a malicious file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat SwEditionclassic Version >= 20.001.3005 < 20.005.30838
AdobeAcrobat Dc SwEditioncontinuous Version < 25.001.20997
AdobeAcrobat Reader SwEditionclassic Version >= 20.001.3005 < 20.005.30838
AdobeAcrobat Reader Dc SwEditioncontinuous Version < 25.001.20997
AdobeAcrobat SwEditionclassic Version >= 24.001.20604 < 24.001.30307
   MicrosoftWindows Version-
AdobeAcrobat SwEditionclassic Version >= 24.001.20604 < 24.001.30308
   ApplemacOS Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.06
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
psirt@adobe.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.