Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 | Security
A zero day vulnerability in Adobe Reader has been actively exploited in the wild via malicious PDF files since December 2025 — four months before public disclo…
Published on MyPrivateClaw
Apr 10, 2026, 5:08 AM UTC
Coverage date
Apr 9, 2026
Last updated
Apr 12, 2026, 10:47 AM UTC
News summary
A zero day vulnerability in Adobe Reader has been actively exploited in the wild via malicious PDF files since December 2025 — four months before public disclosure. The flaw allows remote code execution when a victim opens a crafted PDF document, with no user interaction beyond opening the file. Adobe has now issued an emergency patch. The four month exploitation window means attackers had significant time to compromise targets before defenders could respond. Particularly relevant to private AI practitioners who run document ingestion pipelines: any workflow that processes untrusted PDFs — RAG systems, document analysis, automated summarisation — should be treated as a potential attack surface until patched.