Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025.

The finding, detailed by EXPMON’s Haifei Li, concerns what has been described as a highly sophisticated PDF exploit that leverages a vulnerability in Adobe Reader to gain unauthorized access to systems.

The artifact, identified as Invoice540.pdf, first appeared on the VirusTotal platform on November 28, 2025, indicating that the vulnerability has been actively exploited for several months.

This discovery highlights the importance of keeping software up to date and of being cautious when opening PDF documents from unknown sources, which can be used to deliver malicious payloads and exploit vulnerabilities like the one found in Adobe Reader.

Because the vulnerability is a zero-day, users need to be vigilant and take the necessary precautions to protect themselves from potential attacks, and Adobe needs to release a patch to fix the vulnerability as soon as possible.

Further research is needed to determine the full extent of the vulnerability and the potential impact on users, but it is clear that this is a significant threat that requires immediate attention from the cybersecurity community.
