Out-Of-Bounds Read in Soda PDF Desktop by Icecream Apps
CVE-2025-14411

3.3LOW

Key Information:

Vendor: Soda PDF
Status: Desktop
Vendor: CVE Published:; 23 December 2025

What is CVE-2025-14411?

The vulnerability in Soda PDF Desktop is related to improper validation when parsing PDF files. This weakness allows remote attackers to access sensitive data by enticing users to interact with malicious content, such as a compromised webpage or file. The flaw can potentially be exploited in conjunction with other vulnerabilities, opening the door for arbitrary code execution in the context of the application, thus posing significant security risks to users.

Affected Version(s)

Desktop 14.0.509.23030

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1084/

x_research-advisory

CVSS V3.0

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2025
Vulnerability Reserved
Dec 10, 2025

JSON