CVE-2025-54255
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-10-02
Assigner: Adobe Systems Incorporated
Description
Description
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | acrobat | From 24.0.0 (inc) to 24.001.30264 (exc) |
| adobe | acrobat_dc | From 15.008.20082 (inc) to 25.001.20693 (exc) |
| adobe | acrobat_reader_dc | From 15.008.20082 (inc) to 25.001.20693 (exc) |
| apple | macos | * |
| microsoft | windows | * |
| adobe | acrobat | From 20.001.30002 (inc) to 20.005.30793 (exc) |
| adobe | acrobat_reader | From 20.001.30002 (inc) to 20.005.30791 (exc) |
| microsoft | windows | * |
| adobe | acrobat | From 20.001.30002 (inc) to 20.005.30791 (exc) |
| adobe | acrobat_reader | From 20.001.30002 (inc) to 20.005.30791 (exc) |
| apple | macos | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-657 | The product violates well-established principles for secure design. |
