A current disclosure by Cisco Talos’ Vulnerability Discovery & Analysis group highlighted a number of vulnerability points in Adobe Acrobat.
All of those vulnerabilities have been addressed by their respective distributors, aligning with Cisco’s third-party vulnerability disclosure coverage.
For detection of those vulnerabilities, customers can make the most of the newest Snort rule units obtainable from Snort.org and confer with Talos Intelligence’s web site for the newest Vulnerability Advisories.
CVE Particulars
The vulnerabilities affecting Adobe Acrobat contain a mix of out-of-bounds reads and a reminiscence corruption difficulty, all of that are linked to the font performance throughout the software program.
- TALOS-2025-2134 (CVE-2025-27163) and TALOS-2025-2136 (CVE-2025-27164): These are out-of-bounds learn vulnerabilities that can lead to the disclosure of delicate data. The first concern with these vulnerabilities is the potential leakage of information, which will be exploited by an attacker to achieve unauthorized insights into the system or consumer information.
- TALOS-2025-2135 (CVE-2025-27158): This can be a reminiscence corruption vulnerability brought on by an uninitialized pointer in Adobe Acrobat’s font performance. This particular difficulty is extra important because it may probably result in arbitrary code execution if exploited. By crafting a malicious font file embedded in a PDF, an attacker may set off these vulnerabilities. Nonetheless, profitable exploitation requires the consumer to be tricked into opening such a malicious file.
Affected Merchandise
| Product | Vulnerability (CVE) |
| Adobe Acrobat | CVE-2025-27163 |
| Adobe Acrobat | CVE-2025-27164 |
| Adobe Acrobat | CVE-2025-27158 |
Impression and Mitigation
These vulnerabilities spotlight the significance of patch administration in stopping potential assaults. Customers are suggested to make sure their Adobe Acrobat software program is up to date with the newest safety patches.
Furthermore, warning must be exercised when opening PDF recordsdata from untrusted sources, as this might help forestall exploitation of such vulnerabilities.
For organizations and people looking for to guard towards these vulnerabilities, updating software program promptly and sustaining consciousness of file sources are key steps in mitigating danger.
Moreover, implementing sturdy safety measures, corresponding to endpoint detection methods, can add an additional layer of safety towards exploitation makes an attempt.
The proactive patching of those vulnerabilities by Adobe illustrates the collaborative effort between distributors and safety researchers to safeguard consumer safety.
Customers should stay vigilant and hold their methods up to date to forestall the exploitation of such vulnerabilities.
Are you from SOC/DFIR Groups? – Analyse Malware Incidents & get stay Entry with ANY.RUN -> Begin Now for Free.