CVE-2025-65875

High CVSS: 8.8

An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.

Vendor

Fpdf

Product

Fpdf

CWE

CWE-434

Yayın Tarihi

2026-02-03 18:16:15

Güncelleme

2026-02-11 19:24:28

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Fpdf HIGH Fpdf 2026

Referanslar

http://www.fpdf.org https://advisories.gitlab.com/pkg/composer/tecnickcom/tc-lib-pdf-font/CVE-2024-56520/ https://github.com/Setasign/FPDF