SecuriTricks - CVE-2025-0900

Description

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25368.

Product(s) Impacted

Vendor	Product	Versions
Tracker Software	Pdf-xchange Editor	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	tracker_software	pdf-xchange_editor	/	/	/	/	/	/	/	/

References

https://www.zerodayinitiative.com/advisories/ZDI-25-086/

CVSS Score

3.3 / 10

CVSS Data - 3.0

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

View Vector String

Timeline

Published: March 11, 2025, 9:15 p.m.
Last Modified: March 11, 2025, 9:15 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

zdi-disclosures@trendmicro.com

CVE-2025-0900