Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Search vulnerabilities and malicious packages across npm, PyPI, Go, GitHub Actions, VS Code, and more.

CVE-2025-64787 | Mondoo Vulnerability Intelligence

CVE-2025-64787

LOW3.3

Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347)

Published Dec 9, 2025

Modified 2 weeks ago

No fix available

Details

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue does not require user interaction.

Affected Packages

Windows:10240Adobe Acrobat Reader

Windows:14393Adobe Acrobat Reader

Windows:17763Adobe Acrobat Reader

Windows:18362Adobe Acrobat Reader

Windows:18363Adobe Acrobat Reader

Windows:19041Adobe Acrobat Reader

Windows:19042Adobe Acrobat Reader

Windows:19043Adobe Acrobat Reader

Windows:19044Adobe Acrobat Reader

Windows:19045Adobe Acrobat Reader

Windows:20348Adobe Acrobat Reader

Windows:22000Adobe Acrobat Reader

Windows:22621Adobe Acrobat Reader

Windows:22631Adobe Acrobat Reader

Windows:25398Adobe Acrobat Reader

Windows:26100Adobe Acrobat Reader

Windows:26200Adobe Acrobat Reader

macOS:14Adobe Acrobat Reader

macOS:15Adobe Acrobat Reader

macOS:26Adobe Acrobat Reader

References

ADVISORYhttps://helpx.adobe.com/security/products/acrobat/apsb25-119.html ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-64787

CVSS Analysis

CVSS v2.0

3.3

Exploitability

Access Vector

LocalAV:L

Access Complexity

LowAC:L

Impact

Confidentiality

NoneC:N

Availability

NoneA:N

3.3/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Weakness Type (CWE)

Other

CWE-347

Timeline

PublishedDec 9, 2025

ModifiedDec 12, 2025