CVE-2025-27174: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

A Use After Free vulnerability (CVE-2025-27174) was discovered in Adobe Acrobat Reader, affecting versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier. The vulnerability was disclosed on March 11, 2025, and received a CVSS v3.1 base score of 7.8 (High) (NVD, ZDI).

The vulnerability exists within the handling of Annotation objects. The specific flaw stems from the lack of validating the existence of an object prior to performing operations on the object, leading to a Use After Free condition (CWE-416). The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction needed (ZDI).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. This could potentially allow attackers to execute malicious code with the same privileges as the compromised application (NVD, Rapid7).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat and Reader installations to the latest version (ASEC).