CVE-2025-43578: Acrobat Reader | Out-of-bounds Read (CWE-125)
Description
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Classification
CVE ID: CVE-2025-43578
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Problem Types
Out-of-bounds Read (CWE-125)Affected Products
Vendor: Adobe
Product: Acrobat Reader
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 4.68% (scored less or equal to compared to others)
EPSS Date: 2025-06-17 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-43578https://helpx.adobe.com/security/products/acrobat/apsb25-57.html