CVE-2025-64785: Untrusted Search Path (CWE-426) in Adobe Acrobat Reader
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.
AI Analysis
Technical Summary
CVE-2025-64785 is an Untrusted Search Path vulnerability (CWE-426) identified in Adobe Acrobat Reader versions 20.005.30793, 20.005.30803, 24.001.30264, 24.001.30273, 25.001.20982, and earlier. The vulnerability arises because Acrobat Reader uses a search path to locate critical executable resources without properly validating or securing the path. An attacker with the ability to modify the search path—such as by placing a malicious executable in a directory that is searched before the legitimate one—can cause Acrobat Reader to execute arbitrary code under the current user's privileges. This can lead to full compromise of the user's environment, including data theft, system manipulation, or further malware deployment. Notably, exploitation does not require user interaction, meaning the attack can be automated or triggered remotely if the attacker can influence the search path environment. The CVSS v3.1 score of 7.8 reflects high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no exploits are currently known in the wild, the vulnerability’s characteristics make it a critical concern for organizations relying on Adobe Acrobat Reader for document handling. The lack of available patches at the time of publication increases urgency for interim mitigations.
Potential Impact
For European organizations, the impact of CVE-2025-64785 is significant. Adobe Acrobat Reader is widely used across enterprises, government agencies, and critical infrastructure sectors for document viewing and processing. Successful exploitation could lead to unauthorized code execution, enabling attackers to steal sensitive data, disrupt operations, or establish persistence within networks. This is particularly concerning for sectors handling confidential or regulated information such as finance, healthcare, and public administration. The vulnerability’s ability to be exploited without user interaction increases the risk of automated attacks and worm-like propagation within networks. Additionally, compromised endpoints could serve as footholds for lateral movement and further attacks. The impact on availability could disrupt business continuity, while integrity breaches could undermine trust in document authenticity. European organizations with complex IT environments and legacy Acrobat Reader deployments are especially vulnerable until patches are applied.
Mitigation Recommendations
1. Apply official Adobe patches immediately once released to address CVE-2025-64785.
2. Until patches are available, restrict write permissions on directories included in Acrobat Reader’s search path to prevent unauthorized modification or insertion of malicious executables.
3. Use application whitelisting to ensure only trusted executables are run by Acrobat Reader.
4. Employ endpoint detection and response (EDR) solutions to monitor for anomalous process execution and search path tampering.
5. Educate IT staff to audit and harden environment variables and system PATH settings related to Acrobat Reader.
6. Consider isolating Acrobat Reader usage in sandboxed or virtualized environments to limit impact of potential exploitation.
7. Regularly update and patch all software dependencies and maintain an asset inventory to identify vulnerable versions.
8. Monitor threat intelligence feeds for emerging exploit techniques targeting this vulnerability.
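An added example, not part of the original advisory or of Adobe's guidance, of the audit that recommendations 2 and 5 call for: it reports PATH directories that are relative, missing, or writable by principals other than SYSTEM, Administrators and TrustedInstaller. It assumes Windows and that the Machine and User PATH variables are the search path of interest, which the advisory does not confirm; Test-SearchPathEntry is a hypothetical helper name.

```powershell
# Added example: report PATH entries where a non-administrative principal can
# plant or replace files. Assumes Windows and that PATH is the search path of
# interest; the advisory does not name the path Acrobat Reader uses.

# Writers treated as trusted: SYSTEM, Administrators, TrustedInstaller.
$TrustedSids = 'S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Rights that allow adding files or re-ACLing the directory, plus the generic
# bits GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$Rights = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Rights::CreateFiles -bor $Rights::AppendData -bor
    $Rights::ChangePermissions -bor $Rights::TakeOwnership) -bor
    0x40000000 -bor 0x10000000

function Test-SearchPathEntry {   # hypothetical helper name
    param([string]$Entry, [string]$Scope)
    $dir = [Environment]::ExpandEnvironmentVariables($Entry.Trim().Trim('"'))
    $finding = $null
    if (-not [System.IO.Path]::IsPathRooted($dir)) {
        $finding = 'relative entry, resolved against the current directory'
    } elseif (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        $finding = 'directory missing; whoever can create it controls the entry'
    } else {
        $sidType = [System.Security.Principal.SecurityIdentifier]
        $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
        $risky = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                (([int]$_.PropagationFlags -band $inheritOnly) -eq 0) -and
                ([int]$_.FileSystemRights -band $WriteMask) -and
                $TrustedSids -notcontains $_.IdentityReference.Value
            }
        if ($risky) {
            $who = ($risky.IdentityReference.Value | Sort-Object -Unique) -join ', '
            $finding = "writable by SID(s) outside the trusted set: $who"
        }
    }
    if ($finding) {
        [pscustomobject]@{ Scope = $Scope; Entry = $Entry; Finding = $finding }
    }
}

foreach ($target in 'Machine', 'User') {
    $raw = [Environment]::GetEnvironmentVariable('Path', $target)
    if (-not $raw) { continue }
    $raw.Split(';') | Where-Object { $_.Trim() } |
        ForEach-Object { Test-SearchPathEntry -Entry $_ -Scope $target }
}
```

Entries under a user profile are expected to be writable by that user's SID; Machine-scope entries writable by broad groups such as Users or Authenticated Users are the ones to lock down first.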
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: adobe
- Date Reserved: 2025-11-11T22:48:38.823Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69388b5252fe50f9a48983b4
Added to database: 12/9/2025, 8:49:22 PM
Last enriched: 12/9/2025, 8:49:36 PM
Last updated: 12/11/2025, 6:07:24 AM