Zscaler protects against 9 new vulnerabilities for Adobe Acrobat and Reader

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 9 vulnerability included in the March 2025 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections, as necessary.

APSB25-14 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. 

Affected Software

• Acrobat DC Continuous 25.001.20428 and earlier versions for Windows & macOS
• Acrobat Reader DC Continuous 25.001.20428 and earlier versions for Windows & macOS
• Acrobat 2024 Classic 2024 24.001.30225 and earlier versions for Windows & macOS
• Acrobat 2020 Classic 2020 20.005.30748 and earlier versions for Windows & macOS
• Acrobat Reader 2020 Classic 2020 20.005.30748 and earlier versions for Windows & macOS

CVE-2025-27174 – Use After Free vulnerability leading to Arbitrary code execution. 

Severity: Critical

Subscription Required

• Advanced Threat Protection 

CVE-2025-27158 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. 

Severity: Critical

Subscription Required

• Advanced Threat Protection 

CVE-2025-27159 – Use After Free vulnerability leading to Arbitrary code execution. 

Severity: Critical

Subscription Required

• Advanced Threat Protection 

CVE-2025-27160 – Use After Free vulnerability leading to Arbitrary code execution. 

Severity: Critical

Subscription Required

• Advanced Threat Protection 

CVE-2025-27161 – Out-of-bounds Read vulnerability leading to Arbitrary code execution. 

Severity: Critical

Subscription Required

• Advanced Threat Protection 

CVE-2025-27162 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. 

Severity: Critical

Subscription Required

• Advanced Threat Protection 

CVE-2025-24431 – Out-of-bounds Read vulnerability leading to Arbitrary code execution. 

Severity: Important

Subscription Required

• Advanced Threat Protection 

CVE-2025-27163 – Out-of-bounds Read vulnerability leading to Memory Leak. 

Severity: Important

Subscription Required

• Advanced Threat Protection 

CVE-2025-27164 – Out-of-bounds Read vulnerability leading to Memory Leak. 

Severity: Important

Subscription Required

• Advanced Threat Protection