Remote Code Execution Vulnerability in pdfforge PDF Architect
CVE-2025-14417

7.8HIGH

Key Information:

Vendor: PDFforge
Status: PDF Architect
Vendor: CVE Published:; 23 December 2025

What is CVE-2025-14417?

The pdfforge PDF Architect application contains a vulnerability that could allow remote attackers to execute arbitrary code on systems with affected installations. This issue arises from the improper implementation of the Launch action, failing to provide adequate warnings to users when executing potentially dangerous scripts. An attacker can exploit this by tricking users into visiting a malicious webpage or opening an infected file, subsequently executing code with the privileges of the current user. It is crucial for users to remain vigilant and apply appropriate updates or mitigations to avoid potential threats.

Affected Version(s)

PDF Architect 9.1.74.23030

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1074/

x_research-advisory

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2025
Vulnerability Reserved
Dec 10, 2025

JSON

PDFforge

What is CVE-2025-14417?

Affected Version(s)

References

CVSS V3.0

Timeline