Login Sign Up

CVE-2025-64787

3.3 LOW

📋 TL;DR

This CVE describes an Improper Verification of Cryptographic Signature vulnerability in Adobe Acrobat Reader that allows attackers to bypass cryptographic protections and gain limited unauthorized write access. All users running affected versions of Acrobat Reader are vulnerable. Exploitation requires no user interaction.

💻 Affected Systems

Products:
  • Adobe Acrobat Reader
Versions: 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations of affected versions are vulnerable.

📦 What is this software?

Acrobat by Adobe

View all CVEs affecting Acrobat →

Acrobat by Adobe

View all CVEs affecting Acrobat →

Acrobat by Adobe

View all CVEs affecting Acrobat →

Acrobat Dc by Adobe

View all CVEs affecting Acrobat Dc →

Acrobat Reader by Adobe

View all CVEs affecting Acrobat Reader →

Acrobat Reader Dc by Adobe

View all CVEs affecting Acrobat Reader Dc →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could modify signed PDF documents to inject malicious content while maintaining apparent validity, potentially leading to document tampering or malware distribution.

🟠

Likely Case

Limited document modification capabilities allowing attackers to alter certain PDF elements while bypassing signature verification.

🟢

If Mitigated

With proper controls, impact is limited to document integrity issues rather than system compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

No user interaction required, but exploitation requires understanding of PDF signature structure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version via Adobe's update mechanism

Vendor Advisory: https://helpx.adobe.com/security/products/acrobat/apsb25-119.html

Restart Required: Yes

Instructions:

1. Open Adobe Acrobat Reader
2. Navigate to Help > Check for Updates
3. Follow prompts to install available updates
4. Restart the application

🔧 Temporary Workarounds

Disable PDF opening in Acrobat Reader

all

Change default PDF handler to alternative PDF viewer

Restrict PDF execution

windows

Use application control to block Acrobat Reader execution

🧯 If You Can't Patch

  • Implement network segmentation to restrict PDF file sources
  • Deploy endpoint detection to monitor for suspicious PDF modifications

🔍 How to Verify

Check if Vulnerable:

Check Help > About Adobe Acrobat Reader and compare version against affected list

Check Version:

On Windows: wmic product where name="Adobe Acrobat Reader" get version

Verify Fix Applied:

Verify version is newer than affected versions listed in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected PDF signature validation failures
  • Multiple rapid PDF file modifications

Network Indicators:

  • Unusual PDF downloads from untrusted sources
  • PDF files with modified signatures

SIEM Query:

source="*acrobat*" AND (event="signature_validation" OR event="file_modification")

📊 Metadata

CVE ID: CVE-2025-64787
CVSS v3 Score: 3.3 (LOW)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE: CWE-347
EPSS Score: 0.02% exploit probability (4.3th percentile)
Published: December 9, 2025
Last Updated: December 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64787, you might also want to check these:

CVE-2022-24884 10.0

This vulnerability in ecdsautils allows attackers to forge ECDSA signatures by providing zero-value ...

Same vulnerability type (CWE-347)
CVE-2023-25574 10.0

CVE-2023-25574 is a critical authentication bypass vulnerability in jupyterhub-ltiauthenticator's LT...

Same vulnerability type (CWE-347)
CVE-2024-45409 10.0

CVE-2024-45409 is a critical authentication bypass vulnerability in the Ruby SAML library where SAML...

Same vulnerability type (CWE-347)