CVE-2025-54255 MEDIUM

CVE-2025-54255: Acrobat Reader | Violation of Secure Design Principles (CWE-657)

Vendor Adobe
Product Acrobat Reader
Weakness CWE-657
Published September 9, 2025
Last update October 1, 2025

CVSS base score

4.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.

Key dates

02Disclosure timeline

September 9, 2025 CVE published
October 1, 2025 Record updated