8.4

CVE-2025-64785

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat SwEditionclassic Version >= 20.001.3005 < 20.005.30838
AdobeAcrobat Dc SwEditioncontinuous Version < 25.001.20997
AdobeAcrobat Reader SwEditionclassic Version >= 20.001.3005 < 20.005.30838
AdobeAcrobat Reader Dc SwEditioncontinuous Version < 25.001.20997
AdobeAcrobat SwEditionclassic Version >= 24.001.20604 < 24.001.30307
   MicrosoftWindows Version-
AdobeAcrobat SwEditionclassic Version >= 24.001.20604 < 24.001.30308
   ApplemacOS Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.078
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.4 2.5 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@adobe.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.