XXE in Adobe Acrobat

CVE-2024-49535

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide mali…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.004 (31.3rd percentile).

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-49535?

CVE-2024-49535 is a medium-severity vulnerability in Adobe Acrobat, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 6.3/10. Published 2024-12-10.

How severe is CVE-2024-49535?

Medium severity. The CVSS v3 base score is 6.3 out of 10.