Three significant vulnerabilities in Adobe Acrobat Reader were found, which might allow attackers to run arbitrary code or expose sensitive information. These vulnerabilities, discovered by Cisco Talos, affect multiple versions of the popular PDF software and pose significant security risks to users who unwittingly open maliciously crafted PDF files.

CVE-2025-27158 is a high-severity memory corruption vulnerability resulting from an uninitialized pointer in Adobe Acrobat Reader's font handling functionality. This vulnerability could allow attackers to execute arbitrary code on the victim's system when exploited. Successful exploitation could allow attackers to execute arbitrary code, install malware, modify data, or create new user accounts with full privileges, depending on the rights of the compromised user. The attack vector requires a specially crafted font file embedded in a PDF document, which triggers the exploitation when opened by an unsuspecting user.

CVE-2025-27163 is an out-of-bounds read vulnerability in the font functionality of Adobe Acrobat Reader that could lead to the disclosure of sensitive memory information. This vulnerability specifically relates to OpenType font format parsing, particularly the processing of the hhea and hmtx tables in embedded font files. The vulnerability is categorized under CWE-125 (Out-of-bounds Read) and affects Adobe Acrobat Reader 2024.005.20320 and earlier versions. It represents a significant security risk because it could allow attackers to access sensitive information stored in memory, potentially including cryptographic keys, passwords, or other confidential data. Like the other vulnerabilities in this series, exploitation requires user interaction: specifically, opening a malicious PDF document containing specially crafted font data.

CVE-2025-27164 is another out-of-bounds read vulnerability in Adobe Acrobat Reader's font handling functionality. This vulnerability also relates to the processing of OpenType font files embedded in PDF documents. The primary concern with this vulnerability is that successful exploitation would allow attackers to run malicious code within the context of the user's application, potentially granting them access to sensitive information or further system compromise. Like the other vulnerabilities, exploitation requires user interaction, with the attack vector being a specially crafted PDF file that must be opened by the victim.
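The article identifies the out-of-bounds read class (CWE-125) in the parsing of the OpenType hhea and hmtx tables without describing the defect itself. The example below is added here for illustration and is not Adobe's, Cisco Talos's, or the article's code: it is a minimal, bounds-checked reader for the relationship between the two tables, where the numberOfHMetrics count declared in hhea determines how many bytes a parser expects to find in hmtx. A parser that trusts that count without comparing it against the actual hmtx table length reads past the buffer; this one rejects such input. The sample tables (SAMPLE_HHEA, SAMPLE_HMTX) and the helper names are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* OpenType tables are big-endian; read a uint16 without relying on host alignment. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Per the OpenType spec, hhea is 36 bytes and numberOfHMetrics is its last uint16. */
#define HHEA_TABLE_LEN 36
#define HHEA_NUM_HMETRICS_OFFSET 34

/* Extract numberOfHMetrics from hhea; returns -1 if the table is too short to hold it. */
int parse_hhea_num_hmetrics(const uint8_t *hhea, size_t hhea_len, uint16_t *num_hmetrics) {
    if (hhea == NULL || num_hmetrics == NULL || hhea_len < HHEA_TABLE_LEN) return -1;
    *num_hmetrics = be16(hhea + HHEA_NUM_HMETRICS_OFFSET);
    return 0;
}

/* Read one advance width per glyph from hmtx. The table holds num_hmetrics
   longHorMetric records (advanceWidth + lsb, 4 bytes each) followed by one
   2-byte leftSideBearing for every remaining glyph. The length check happens
   BEFORE any indexing: the count comes from hhea, which is attacker-controlled
   in an embedded font, so it must not bound a read into hmtx on its own. */
int read_advance_widths(const uint8_t *hmtx, size_t hmtx_len,
                        uint16_t num_hmetrics, uint16_t num_glyphs,
                        uint16_t *widths, size_t widths_cap) {
    if (hmtx == NULL || widths == NULL) return -1;
    if (num_hmetrics == 0 || num_hmetrics > num_glyphs) return -1;
    size_t required = (size_t)num_hmetrics * 4 + (size_t)(num_glyphs - num_hmetrics) * 2;
    if (hmtx_len < required) return -1;   /* reading would run past the table */
    if (widths_cap < num_glyphs) return -1;
    for (uint16_t g = 0; g < num_glyphs; g++) {
        if (g < num_hmetrics) widths[g] = be16(hmtx + (size_t)g * 4);
        else widths[g] = widths[num_hmetrics - 1]; /* spec: reuse the last advanceWidth */
    }
    return 0;
}

/* Constructed sample: a 36-byte hhea with version 1.0 and numberOfHMetrics = 2. */
static const uint8_t SAMPLE_HHEA[HHEA_TABLE_LEN] = {
    0x00, 0x01, 0x00, 0x00,
    [HHEA_NUM_HMETRICS_OFFSET] = 0x00, [HHEA_NUM_HMETRICS_OFFSET + 1] = 0x02 };

/* Constructed sample hmtx for 3 glyphs: (600, lsb 10), (500, lsb 5), then lsb 3. */
static const uint8_t SAMPLE_HMTX[10] = {
    0x02, 0x58, 0x00, 0x0A,   /* glyph 0: advanceWidth 600, lsb 10 */
    0x01, 0xF4, 0x00, 0x05,   /* glyph 1: advanceWidth 500, lsb 5 */
    0x00, 0x03 };             /* glyph 2: lsb 3 only */

#define SAMPLE_NUM_GLYPHS 3

/* Advance width of glyph g in the sample font, or -1 on any parse failure. */
int sample_width(uint16_t g) {
    uint16_t n, widths[SAMPLE_NUM_GLYPHS];
    if (parse_hhea_num_hmetrics(SAMPLE_HHEA, sizeof SAMPLE_HHEA, &n) != 0) return -1;
    if (read_advance_widths(SAMPLE_HMTX, sizeof SAMPLE_HMTX, n, SAMPLE_NUM_GLYPHS,
                            widths, SAMPLE_NUM_GLYPHS) != 0) return -1;
    if (g >= SAMPLE_NUM_GLYPHS) return -1;
    return widths[g];
}

/* Malformed case: hhea claims 200 metrics while hmtx holds only 10 bytes. A parser
   that trusted the count would read 790 bytes beyond the table; this one returns -1. */
int malformed_case(void) {
    uint8_t bad_hhea[HHEA_TABLE_LEN] = {0};
    bad_hhea[HHEA_NUM_HMETRICS_OFFSET + 1] = 200;
    uint16_t n, widths[256];
    if (parse_hhea_num_hmetrics(bad_hhea, sizeof bad_hhea, &n) != 0) return -1;
    return read_advance_widths(SAMPLE_HMTX, sizeof SAMPLE_HMTX, n, 200, widths, 256);
}

int main(void) {
    for (uint16_t g = 0; g < SAMPLE_NUM_GLYPHS; g++)
        printf("glyph %u advance width: %d\n", g, sample_width(g));
    printf("malformed font rejected: %s\n", malformed_case() == -1 ? "yes" : "no");
    return 0;
}
```

The check that matters is the single comparison of the byte count implied by hhea against the real hmtx length; everything after it can index freely because the precondition has been established once, up front.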
Published on cybersecuritynews.com, Mon, 17 Mar 2025 08:40:07 +0000.