CVE-2025-27161: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

An out-of-bounds read vulnerability (CVE-2025-27161) was discovered in Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier. The vulnerability was disclosed on March 11, 2025, affecting multiple versions of Adobe Acrobat Reader. This security flaw occurs when parsing a crafted file, which could result in a read past the end of an allocated memory structure (NVD).

The vulnerability is classified as CWE-125 (Out-of-bounds Read) and has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires local access and user interaction, but no privileges, and can potentially impact confidentiality, integrity, and availability with high severity (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current user. The exploitation requires user interaction, specifically requiring a victim to open a malicious file (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to Acrobat DC Continuous version 25.001.20432, Acrobat Reader DC Continuous version 25.001.20432, Acrobat 2024 Classic 2024 24.001.30235 version, Acrobat 2020 Classic 2020 20.005.30763 version, or Acrobat Reader 2020 Classic 2020 20.005.30763 version (ASEC Advisory).