CVE-2025-47112
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-07-25
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | acrobat_dc | to 25.001.20531 (exc) |
| adobe | acrobat_reader_dc | to 25.001.20531 (exc) |
| microsoft | windows | * |
| adobe | acrobat_dc | to 25.001.20529 (exc) |
| adobe | acrobat_reader_dc | to 25.001.20529 (exc) |
| apple | macos | * |
| adobe | acrobat | From 20.0 (inc) to 20.005.30774 (exc) |
| adobe | acrobat | From 24.0.0 (inc) to 24.001.30254 (exc) |
| adobe | acrobat_reader | From 20.0 (inc) to 20.005.30774 (exc) |
| apple | macos | * |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in certain versions of Acrobat Reader, which means the software reads memory outside the intended boundaries. This can lead to disclosure of sensitive memory data. An attacker could exploit this by tricking a user into opening a malicious file, potentially bypassing security mitigations like ASLR.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to access sensitive information from the memory of the affected application. This could lead to information disclosure without the attacker having direct privileges, but it requires the user to open a malicious file.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that Acrobat Reader is updated to a version later than 24.001.30235, 20.005.30763, or 25.001.20521. Avoid opening files from untrusted sources to prevent exploitation that requires user interaction.