For at least eleven weeks — possibly longer — attackers had a skeleton key to some of the most widely deployed document software on the planet. And nobody at Adobe knew. The vulnerability, tracked as CVE-2025-27163, affected Adobe Acrobat and Adobe Acrobat Reader across Windows and macOS platforms. It wasn’t a theoretical risk buried in a researcher’s white paper. It was actively exploited in the wild, used against real targets, before Adobe issued an out-of-band emergency patch. The flaw carried a CVSS score of 7.8 out of 10 — high severity — and allowed attackers to execute arbitrary code on a victim’s machine simply by convincing them to open a malicious PDF file. That’s it. Open a PDF. Game over. According to TechRepublic , the vulnerability stemmed from an out-of-bounds write issue in how Adobe’s software parsed certain PDF structures. This class of bug — memory corruption through improper bounds checking — is among the oldest and most dangerous in software security.…