Insufficient UI Warning in PDFsam Enhanced Allows Remote Code Execution
CVE-2025-14403

7.8HIGH

Key Information:

Vendor: PDFsam
Status: Enhanced
Vendor: CVE Published:; 23 December 2025

What is CVE-2025-14403?

An insufficient user interface warning in PDFsam Enhanced allows remote attackers to execute arbitrary code on affected systems. This vulnerability arises from the implementation of the Launch action, permitting dangerous scripts to be executed without adequate user warnings. To exploit this flaw, an attacker must lure the user into visiting a malicious webpage or opening a compromised file. Once executed, the code runs within the context of the current user's privileges, potentially leading to unauthorized access and manipulation of sensitive data.

Affected Version(s)

Enhanced 7.0.76.15222

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1091/

x_research-advisory

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2025
Vulnerability Reserved
Dec 10, 2025

JSON