CVE-2025-27162: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

CVE-2025-27162 affects Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier. The vulnerability is classified as an Access of Uninitialized Pointer issue that could potentially lead to arbitrary code execution in the context of the current user. This security flaw was disclosed on March 11, 2025, and has been assigned a CVSS v3.1 base score of 7.8 (High) (NVD).

The vulnerability specifically exists within the handling of AcroForms and stems from the lack of proper initialization of memory prior to accessing it. It has been classified as CWE-824 (Access of Uninitialized Pointer). The vulnerability has received a CVSS v3.1 score of 7.8 HIGH with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required for exploitation (ZDI).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. The impact spans across confidentiality, integrity, and availability, with all three aspects rated as High in the CVSS scoring. The vulnerability requires user interaction, specifically requiring a victim to open a malicious file for successful exploitation (NVD, Rapid7).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Acrobat and Reader. The fix has been made available through Adobe's security bulletin APSB25-14 (Adobe Security).