CVE-2024-39425
CVSS 3.1 Score 7.0 of 10 (high)
Details
Summary
CVE-2024-39425 is a newly disclosed vulnerability affecting Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123, and older. It is classified as a Time-of-check Time-of-use (TOCTOU) race condition, which can be exploited for privilege escalation. Successful exploitation requires local, low-privilege access to the affected system, so the issue is a potential threat wherever Acrobat Reader is installed and used. The attack complexity is high, meaning it may not be easily exploited, but organizations are encouraged to apply the available patches to mitigate the risk.
Affected Products
- Adobe Acrobat DC
- Adobe Acrobat
- Adobe Acrobat Reader
- Adobe Acrobat Reader DC
Affected Vendors
- Adobe