CVE-2025-64786

3.3 LOW

📋 TL;DR

Acrobat Reader has an improper cryptographic signature verification vulnerability that allows attackers to bypass security features and gain limited unauthorized write access. This affects users of Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier. Exploitation requires no user interaction.

💻 Affected Systems

Products:
  • Adobe Acrobat Reader DC
  • Adobe Acrobat Reader
Versions: 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could modify system files or configuration data, potentially leading to privilege escalation or persistence mechanisms.

🟠 Likely Case

Limited file modification in user-accessible directories, potentially enabling further attacks or data manipulation.

🟢 If Mitigated

Impact limited to isolated sandbox environment with proper application sandboxing and file integrity monitoring.

🌐 Internet-Facing: MEDIUM - While exploitation requires no user interaction, an attacker would need to deliver malicious content to target systems.
🏢 Internal Only: MEDIUM - Internal users could exploit this if they can deliver malicious PDFs to colleagues or systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious PDFs with improper signatures. No user interaction is needed, but the attacker must deliver the payload to the target.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to versions after those listed in affected versions

Vendor Advisory: https://helpx.adobe.com/security/products/acrobat/apsb25-119.html

Restart Required: Yes

Instructions:

1. Open Adobe Acrobat Reader
2. Go to Help > Check for Updates
3. Follow prompts to install available updates
4. Restart computer after installation completes

🔧 Temporary Workarounds

Disable JavaScript in Acrobat Reader

all

Prevents JavaScript-based exploitation vectors that might leverage this vulnerability

Edit > Preferences > JavaScript > Uncheck 'Enable Acrobat JavaScript'

Use Protected View for untrusted files

all

Forces all PDFs from untrusted sources to open in protected mode

Edit > Preferences > Security (Enhanced) > Check 'Enable Protected View at startup' and 'Enable Protected View for files originating from the Internet'

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized Acrobat Reader execution
  • Deploy file integrity monitoring to detect unauthorized file modifications

🔍 How to Verify

Check if Vulnerable:

Check Help > About Adobe Acrobat Reader DC and compare version against affected list

Check Version:

On Windows (PowerShell): (Get-Item "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe").VersionInfo.ProductVersion

Verify Fix Applied:

Verify version is newer than affected versions and check that updates were successfully installed
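
An added example (not from the vendor advisory or this page's source) of the version comparison described above, for checking an inventory of installed Reader versions. It assumes a release line is identified by the first two version fields and that the highest build listed per line is the "and earlier" cutoff; builds from lines not listed on this page that are older than the newest listed build are flagged for manual review.

```python
import re

# Affected builds exactly as listed on this page ("... and earlier").
AFFECTED = ["24.001.30264", "20.005.30793", "25.001.20982",
            "24.001.30273", "20.005.30803"]

# Accepts padded or unpadded fields and ignores an optional fourth field.
_VERSION = re.compile(r"^\s*(\d{1,2})\.(\d{1,3})\.(\d{1,5})(?:\.\d+)?\s*$")


def parse(version):
    """Turn 'YY.RRR.BBBBB' into a comparable tuple of ints, or raise ValueError."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unrecognised Reader version: {version!r}")
    return tuple(int(part) for part in m.groups())


def thresholds(affected=AFFECTED):
    """Highest listed build per release line (assumption: line = first two fields)."""
    top = {}
    for ver in map(parse, affected):
        line = ver[:2]
        top[line] = max(top.get(line, ver), ver)
    return top


def classify(version, affected=AFFECTED):
    """Return 'affected', 'newer-than-listed', 'review' or 'invalid'."""
    try:
        ver = parse(version)
    except ValueError:
        return "invalid"
    top = thresholds(affected)
    line = ver[:2]
    if line in top:
        return "affected" if ver <= top[line] else "newer-than-listed"
    # Release line not on the page: anything older than the newest listed
    # build may fall under "and earlier", so send it for manual review.
    return "review" if ver < max(top.values()) else "newer-than-listed"


def audit(inventory):
    """Map host -> status for (host, version) pairs from a software inventory."""
    return {host: classify(version) for host, version in inventory}


if __name__ == "__main__":
    # Constructed inventory rows, not real hosts.
    sample = [("ws-01", "25.001.20982"), ("ws-02", "24.001.30300"),
              ("ws-03", "24.005.20320"), ("ws-04", "2025.1")]
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

A "newer-than-listed" result only means the build is above the versions named on this page; confirm the fixed build numbers against the vendor advisory before closing the finding.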

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file modification events in Acrobat Reader directories
  • Multiple failed signature verification attempts in application logs

Network Indicators:

  • Unusual PDF downloads from untrusted sources
  • PDF files with modified signatures

SIEM Query:

source="*acrobat*" AND (event_type="file_modification" OR message="signature verification")
