Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
A zero-day vulnerability in Adobe Reader has been actively exploited via malicious PDFs since December 2025, enabling data harvesting and potential remote code execution on fully patched systems.
What’s new: A zero-day vulnerability in Adobe Reader has been exploited via malicious PDFs since December 2025. The exploit allows attackers to execute obfuscated JavaScript for data harvesting and potentially remote code execution (RCE). The malicious PDFs, which include social engineering elements, have been linked to current events in the Russian oil and gas industry.
Who’s affected
Users of Adobe Reader, particularly those who open maliciously crafted PDF documents, are at risk. The exploit has been confirmed to work on the latest version of Adobe Reader.
What to do
- Do not open PDF files from unknown or untrusted sources.
- Monitor for updates from Adobe regarding patches for this vulnerability.
- Implement security measures to detect and block malicious PDF files.
