CVE-2025-64786 LOW

CVE-2025-64786: Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347)

Vendor Adobe
Product Acrobat Reader
Weakness CWE-347
Published December 9, 2025
Last update April 28, 2026

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.

Key dates

02Disclosure timeline

December 9, 2025 CVE published
April 28, 2026 Record updated