CVE-2025-47112: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

CVE-2025-47112 is an out-of-bounds read vulnerability affecting Adobe Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier. The vulnerability was discovered by an anonymous researcher working with Trend Micro's Zero Day Initiative and was publicly disclosed on June 10, 2025 (Wiz Report).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that occurs during the parsing of embedded fonts. The issue stems from inadequate validation of user-supplied data, which can result in reading past the end of an allocated buffer. The vulnerability has received a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD, Wiz Report).

The successful exploitation of this vulnerability could lead to the disclosure of sensitive memory information and potentially enable attackers to bypass security mitigations such as ASLR (Address Space Layout Randomization). When combined with other vulnerabilities, this could potentially facilitate arbitrary code execution in the context of the current process. Exploitation of this issue requires user interaction in that a victim must open a malicious file (CVE Details, Wiz Report).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat Reader installations to the latest version available through the official Adobe update channels (Adobe Security).