CVE-2025-64785 is an Untrusted Search Path vulnerability classified under CWE-426, affecting Adobe Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803, and earlier. The vulnerability arises when Acrobat Reader uses a search path to locate critical resources such as executables or DLLs without properly validating or restricting the directories in the search path. An attacker with local access can manipulate this search path to include a directory containing a malicious executable. When Acrobat Reader attempts to load a resource, it may inadvertently execute the attacker's malicious code in the context of the current user. This can lead to arbitrary code execution, compromising confidentiality, integrity, and availability of the affected system. The vulnerability does not require user interaction but requires local access (AV:L), meaning the attacker must have some level of access to the victim machine. The CVSS v3.1 score is 7.8, reflecting high severity due to the potential for full system compromise. No patches or exploits are currently publicly available, but the issue is officially published and should be addressed promptly once fixes are released. The vulnerability is particularly dangerous in environments where Acrobat Reader is widely deployed and users have elevated privileges or where local access controls are weak.

The impact of CVE-2025-64785 is significant for organizations worldwide, especially those relying heavily on Adobe Acrobat Reader for document handling. Successful exploitation allows attackers to execute arbitrary code with the privileges of the current user, potentially leading to full system compromise, data theft, installation of persistent malware, or lateral movement within a network. Since Acrobat Reader is commonly used in enterprise, government, and educational institutions, the vulnerability could be leveraged to bypass security controls and gain unauthorized access to sensitive information. The local access requirement limits remote exploitation but does not eliminate risk in environments where attackers can gain local footholds, such as through phishing, insider threats, or compromised endpoints. The absence of required user interaction increases the risk of stealthy exploitation. Overall, this vulnerability threatens confidentiality, integrity, and availability of affected systems and could facilitate broader attacks if combined with other vulnerabilities or social engineering tactics.

To mitigate CVE-2025-64785 effectively, organizations should: 1) Monitor Adobe's official channels for patches and apply updates to Acrobat Reader immediately upon release. 2) Restrict and harden the search paths used by Acrobat Reader and other applications by configuring system environment variables and application settings to prevent loading executables from untrusted directories. 3) Implement strict local privilege management to limit user permissions, reducing the impact of arbitrary code execution. 4) Employ application whitelisting and code integrity policies to prevent unauthorized executables from running. 5) Use endpoint detection and response (EDR) solutions to monitor for suspicious process creation or execution patterns related to Acrobat Reader. 6) Educate users about the risks of local compromise and enforce strong access controls to prevent unauthorized local access. 7) Regularly audit and clean temporary directories and user-writable paths that could be abused to place malicious executables. These measures go beyond generic patching by focusing on environment hardening and proactive detection.