Adobe Patches Critical PDF Vulnerability Exploited for Months
Adobe has released a security fix for a zero-day vulnerability in its PDF software that cybercriminals have been actively exploiting since at least November 2025. The breach affected an unknown number of users, with security researchers confirming the hacking campaign targeted victims over an extended period.
TechnologyAdobe has moved to address a significant security vulnerability in its PDF software after discovering that hackers have been actively exploiting the flaw for several months. The zero-day bug, which remained undetected until recently, was being weaponized by threat actors against PDF users in targeted campaigns.
According to security researchers tracking the malicious activity, the exploitation campaign began at least as early as November 2025, with attackers leveraging the vulnerability to gain unauthorized access to victim systems. The exact scale of the breach remains unclear, with Adobe and security firms still working to determine how many individuals and organizations were compromised through this attack vector.
The company has now released a patch to address the vulnerability, urging users to update their PDF software immediately to protect themselves from further exploitation. Adobe has not disclosed specific technical details about the flaw, a common practice when zero-day vulnerabilities are involved, to prevent additional attacks before most users have time to apply the fix.
This incident underscores the ongoing risk posed by zero-day vulnerabilities, which remain unknown to software vendors and therefore lack protective measures until discovered. Security experts recommend that organizations implement the update promptly and review their systems for any signs of compromise during the exploitation window.
Open in app →