CVE-2025-0899

High CVSS: 8.8

PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25349.

Vendor

Pdf-xchange

Product

Pdf-xchange Editor

CWE

CWE-416

Yayın Tarihi

2025-02-11 20:15:34

Güncelleme

2025-02-12 19:00:59

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-416 Pdf-xchange Editor HIGH Pdf-xchange 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-25-061/

Benzer Kayıtlar

High

CVE-2025-64085

A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows att…

High

CVE-2025-64086

A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allo…

Medium

CVE-2025-58113

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401…

Medium

CVE-2025-47152

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396…

Medium

CVE-2025-27931

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using…

Low

CVE-2025-6662

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows r…