CVE-2025-64785
Essential information
- Published
- 09/12/2025 21:15
- Modified
- 12/12/2025 19:36
- Author
- —
- Creator
- —
- CVSS
- 7.8 HIGH (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- LOCAL
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.
NVD status
- Status
- Analyzed — CVE has had analysis completed and all data associations made.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| adobe / acrobat | cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:* |
| adobe / acrobat dc | cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:* |
| adobe / acrobat reader | cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:* |
| adobe / acrobat reader dc | cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:* |
| adobe / acrobat | cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:* |
| microsoft / windows | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| adobe / acrobat | cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:* |
| apple / macos | cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |