- 58/2025
- High
Adobe has released security updates to address several vulnerabilities across multiple Adobe products.
The addressed vulnerabilities could allow the attacker to expose sensitive data through memory leaks or execute arbitrary code and gain access to the affected product by persuading the victim to open a malicious file.
Sample of the addressed vulnerabilities:
1. Adobe Acrobat and Reader Use After Free Vulnerability (CVE-2025-27174):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CVE-2025- 24431):
- CVSS: 5.5
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
The affected products:
- Adobe Acrobat and Reader.
- Adobe Substance 3D Sampler.
- Adobe Illustrator.
- Adobe Substance 3D Painter.
- Adobe InDesign.
- Adobe Substance 3D Modeler.
- Adobe Substance 3D Designer.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.