Insufficient UI Warning in pdfforge PDF Architect Allows Remote Code Execution
CVE-2025-14416

7HIGH

Key Information:

Vendor

PDFforge

Status
PDF Architect
Vendor
CVE Published:
23 December 2025

What is CVE-2025-14416?

A vulnerability in pdfforge PDF Architect allows remote attackers to execute arbitrary code by exploiting insufficient user interface warnings related to DOC file processing. When a user visits a malicious webpage or opens a compromised file, harmful scripts can run without appropriate alerts. This enables an attacker to execute code in the context of the current user, creating significant security risks.

Affected Version(s)

PDF Architect 9.1.74.23030

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1073/
x_research-advisory

CVSS V3.0

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.