Adobe Acrobat Reader Memory Corruption Vulnerability (CVE-2025-27158)
CVE-2025-27158 is a high-severity memory corruption vulnerability resulting from an uninitialized pointer in Adobe Acrobat Reader's font handling functionality.
This flaw carries a CVSS 3.1 score of 8.8, making it particularly dangerous. Successful exploitation could allow attackers to execute arbitrary code on the victim's system.
The attack vector requires a specially crafted font file embedded in a PDF document, which triggers the exploitation when opened by an unsuspecting user.
Risk Factors - Details
Affected Products - Adobe Acrobat Reader DC (Windows/Mac) 24.005.20421 and earlier versions, Acrobat Classic and Acrobat 2020 versions
Impact - Arbitrary code execution
Exploit Prerequisites - User must open malicious file
CVSS 3.1 Score - 8.8
Out-of-Bounds Read Vulnerability (CVE-2025-27163)
CVE-2025-27163 is an out-of-bounds read vulnerability in the font functionality of Adobe Acrobat Reader that could lead to the disclosure of sensitive memory information.
This vulnerability relates to OpenType font parsing, specifically the processing of the hhea and hmtx tables in embedded font files.
The vulnerability affects multiple versions of Adobe Acrobat Reader up to 25.001.20428.
Like other vulnerabilities in this series, exploitation requires user interaction, specifically opening a malicious PDF document containing specially crafted font data.
This vulnerability represents a significant security risk as it could allow attackers to access sensitive information stored in memory, potentially including cryptographic keys, passwords, or other confidential data.
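The hhea/hmtx relationship above is a classic place for an out-of-bounds read: hhea declares numberOfHMetrics, and a parser that trusts that count walks hmtx without checking the table actually holds that many entries. The following is an added illustration, not Adobe's code and not a description of the actual root cause, showing the length check a hardened parser performs before touching hmtx; the glyph count is assumed to come from the maxp table and the table bytes are constructed here.

```python
import struct

HHEA_LEN = 36            # fixed size of the OpenType 'hhea' table
NUM_HMETRICS_OFF = 34    # offset of numberOfHMetrics (uint16) inside 'hhea'


def required_hmtx_len(num_hmetrics: int, num_glyphs: int) -> int:
    """Bytes that 'hmtx' must contain for the counts declared in hhea/maxp."""
    if num_hmetrics < 1 or num_hmetrics > num_glyphs:
        raise ValueError("numberOfHMetrics out of range")
    # numberOfHMetrics x (advanceWidth u16 + lsb i16), then one i16 lsb per remaining glyph
    return 4 * num_hmetrics + 2 * (num_glyphs - num_hmetrics)


def parse_hmtx(hhea: bytes, hmtx: bytes, num_glyphs: int) -> list:
    """Return (advanceWidth, lsb) per glyph, refusing to read past either table."""
    if len(hhea) < HHEA_LEN:
        raise ValueError("hhea truncated")
    (num_hmetrics,) = struct.unpack_from(">H", hhea, NUM_HMETRICS_OFF)
    need = required_hmtx_len(num_hmetrics, num_glyphs)
    if len(hmtx) < need:                      # the check a vulnerable parser lacks
        raise ValueError(f"hmtx too short: {len(hmtx)} < {need}")
    metrics, off = [], 0
    for _ in range(num_hmetrics):
        aw, lsb = struct.unpack_from(">Hh", hmtx, off)
        metrics.append((aw, lsb))
        off += 4
    last_aw = metrics[-1][0]                  # remaining glyphs reuse the last advance width
    for _ in range(num_glyphs - num_hmetrics):
        (lsb,) = struct.unpack_from(">h", hmtx, off)
        metrics.append((last_aw, lsb))
        off += 2
    return metrics


def accepts(hhea: bytes, hmtx: bytes, num_glyphs: int) -> bool:
    """True if the tables are mutually consistent and parse cleanly."""
    try:
        parse_hmtx(hhea, hmtx, num_glyphs)
        return True
    except ValueError:
        return False


def make_hhea(num_hmetrics: int) -> bytes:
    """Constructed hhea with every other field zeroed (fixture, not a real font)."""
    return b"\x00" * NUM_HMETRICS_OFF + struct.pack(">H", num_hmetrics)


# Constructed sample: 3 glyphs, 2 full metrics followed by 1 trailing lsb (10 bytes)
GOOD_HMTX = struct.pack(">HhHhh", 500, 10, 600, -5, 7)
```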
Risk Factors - Details
Affected Products - Adobe Acrobat Reader 2024.005.20320 and versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier
Impact - Memory disclosure, ASLR bypass
Exploit Prerequisites - User must open malicious file
CVSS 3.1 Score - 6.5
Out-of-Bounds Read Vulnerability (CVE-2025-27164)
CVE-2025-27164 is another out-of-bounds read vulnerability in Adobe Acrobat Reader's font handling functionality. With a CVSS 3.1 score of 6.5, it is classified as a medium-severity flaw.
This vulnerability also relates to the processing of OpenType font files embedded in PDF documents. When exploited, it can lead to the disclosure of sensitive information from system memory.
The vulnerability is categorized under CWE-125 (Out-of-bounds Read) and affects Adobe Acrobat Reader 2024.005.20320 and earlier versions.
Like the other vulnerabilities, exploitation requires user interaction, with the attack vector being a specially crafted PDF file that must be opened by the victim.
Risk Factors - Details
Affected Products - Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier
Impact - Memory disclosure, ASLR bypass
Exploit Prerequisites - User must open malicious file
CVSS 3.1 Score - 6.5
Patch Availability - Refer to March 11, 2025 update