CVE-2025-64899 – This CVE describes an out-of-bounds read vulner... (How to Fix)

Q: What is the severity of CVE-2025-64899?

CVE-2025-64899 has a CVSS score of 7.8 (HIGH). This CVE describes an out-of-bounds read vulnerability in Adobe Acrobat Reader that could allow an attacker to execute arbitrary code in the context of the current user. Users of affected versions who open malicious PDF files are at risk. The vulnerability requires user interaction through opening a crafted file.

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in Adobe Acrobat Reader that could allow an attacker to execute arbitrary code in the context of the current user. Users of affected versions who open malicious PDF files are at risk. The vulnerability requires user interaction through opening a crafted file.

💻 Affected Systems

Products:

Adobe Acrobat Reader DC
Adobe Acrobat Reader

Versions: 24.001.30264 and earlier, 20.005.30793 and earlier, 25.001.20982 and earlier, 24.001.30273 and earlier, 20.005.30803 and earlier

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Limited code execution leading to malware installation, credential theft, or data exfiltration from the user's system.

🟢

If Mitigated

Application crash or denial of service if memory protections prevent successful exploitation.

🌐 Internet-Facing: MEDIUM - Attackers can host malicious files online, but requires user interaction to open them.

🏢 Internal Only: MEDIUM - Internal phishing campaigns could exploit this, but still requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after those listed in affected versions - check Adobe advisory for specific patched versions

Vendor Advisory: https://helpx.adobe.com/security/products/acrobat/apsb25-119.html

Restart Required: Yes

Instructions:

1. Open Adobe Acrobat Reader. 2. Go to Help > Check for Updates. 3. Follow prompts to install available updates. 4. Restart the application when prompted.

🔧 Temporary Workarounds

Disable JavaScript in PDFs

all

Prevents JavaScript-based exploitation vectors that might accompany the memory corruption

Edit > Preferences > JavaScript > Uncheck 'Enable Acrobat JavaScript'

Use Protected View

all

Open untrusted PDFs in Protected View mode to limit potential damage

File > Open > Select file > Check 'Open in Protected View'

🧯 If You Can't Patch

Restrict PDF file opening to trusted sources only
Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Help > About Adobe Acrobat Reader DC and compare version against affected versions list

Check Version:

On Windows: wmic product where name="Adobe Acrobat Reader DC" get version

Verify Fix Applied:

Verify version is newer than affected versions listed in Adobe advisory

📡 Detection & Monitoring

Log Indicators:

Application crashes with memory access violations
Unexpected child processes spawned from Acrobat Reader

Network Indicators:

Outbound connections from Acrobat Reader to unknown IPs
DNS requests for suspicious domains after PDF opening

SIEM Query:

process_name:"AcroRd32.exe" AND (event_id:1000 OR event_id:1001) AND exception_code:0xc0000005

📊 Metadata

CVE ID: CVE-2025-64899

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

EPSS Score: 0.03% exploit probability (7.9th percentile)

Published: December 9, 2025

Last Updated: December 12, 2025

🔗 References

https://helpx.adobe.com/security/products/acrobat/apsb25-119.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64899, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Acrobat by Adobe

Acrobat by Adobe

Acrobat by Adobe

Acrobat Dc by Adobe

Acrobat Reader by Adobe

Acrobat Reader Dc by Adobe

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable JavaScript in PDFs

Use Protected View

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities