Information Disclosure Vulnerability in PDF-XChange Editor by Tracker Software
CVE-2025-0904

8.8HIGH

Key Information:

Vendor: PDF-xchange
Status: PDF-xchange Editor
Vendor: CVE Published:; 11 February 2025

Summary

The vulnerability affects PDF-XChange Editor due to improper validation of user-supplied data while parsing XPS files. This flaw enables remote attackers to disclose sensitive information by persuading users to visit a malicious page or open a harmful file. An attacker could exploit this information disclosure to execute further attacks or compromise the system's integrity. Proper security measures are essential to mitigate potential threats related to this vulnerability.

Affected Version(s)

PDF-XChange Editor 10.4.0.388

References

https://www.zerodayinitiative.com/advisories/ZDI-25-071/

x_research-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 30, 2025