CVE-2025-0899 in PDF-XChange Editor情報

要約

〜によって MITRE • 2025年02月11日

PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25349.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

予約する

2025年01月30日

公開

2025年02月11日

モデレーション

承諾済み

エントリ

VDB-294318

CPE

準備完了

CWE

CWE-416 (確認済み)

CVSS

8.8 (NVD)

EPSS

0.00416

KEV

いいえ

アクティビティ

非常低い

セクター

Telecommunication, Agriculture, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-0899
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-0899
CVE Details	https://www.cvedetails.com/cve/CVE-2025-0899/

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!