COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2020-9715

CVE-2020-9715

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-13
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-9715
⚡ RCE ◐ zero-day ⌖ exploited in the wild shame 85/100 rceexploited-in-wildunpatchedransomware

Adobe Acrobat use-after-free vulnerability (CVE-2020-9715) enables remote code execution and was actively exploited in the wild.

This use-after-free flaw in Adobe Acrobat allows attackers to execute arbitrary code remotely, posing a severe risk to DIB organizations relying on Acrobat for document handling. The vulnerability was actively exploited before a patch existed, creating a zero-day window that compromises confidentiality and integrity of sensitive data. DIB orgs must immediately patch Acrobat and audit all document processing workflows to prevent unauthorized access.

Shame score — Adobe failed to patch a critical use-after-free vulnerability promptly, allowing active exploitation in the wild before disclosure.

Players implicated

Adobe · vendorAcrobat · product

Description

Adobe Acrobat contains a use-after-free vulnerability that allows for code execution

Affected FedRAMP products 8 in the catalog

ProductProviderStatusMatch
Adobe Acrobat Sign for Government Adobe Authorized vendor-exact · 0.90
Adobe Analytics Adobe Authorized vendor-exact · 0.90
Adobe Campaign Adobe Authorized vendor-exact · 0.90
Adobe Connect Managed Services (ACMS-GC) Adobe Authorized vendor-exact · 0.90
Adobe Creative Cloud for Enterprise Adobe Authorized vendor-exact · 0.90
Adobe Document Cloud (PDF Services & Adobe Sign) Adobe Authorized vendor-exact · 0.90
Adobe Experience Manager Managed Services (AEMMS-GC) Adobe Authorized vendor-exact · 0.90
Adobe Learning Manager Adobe Authorized vendor-exact · 0.90