Memory Corruption Vulnerability in Soda PDF Desktop
CVE-2025-14407

3.3LOW

Key Information:

Vendor: Soda PDF
Status: Desktop
Vendor: CVE Published:; 23 December 2025

What is CVE-2025-14407?

Soda PDF Desktop is susceptible to a memory corruption vulnerability due to inadequate validation of user-supplied data during PDF file parsing. This flaw enables remote attackers to potentially disclose sensitive information by convincing users to open malicious PDF files or visit harmful web pages. Exploitation of this vulnerability could allow attackers to execute arbitrary code within the context of the affected application, amplifying the risks associated with information handling in vulnerable installations.

Affected Version(s)

Desktop 14.0.509.23030

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1080/

x_research-advisory

CVSS V3.0

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2025
Vulnerability Reserved
Dec 10, 2025

JSON