Remote Code Execution Vulnerability in pdfforge PDF Architect
CVE-2025-14418

7HIGH

Key Information:

Vendor: PDFforge
Status: PDF Architect
Vendor: CVE Published:; 23 December 2025

What is CVE-2025-14418?

This vulnerability affects pdfforge PDF Architect and is rooted in its handling of XLS files. By allowing the execution of potentially harmful scripts without sufficient user warnings, it presents a risk where remote attackers can execute arbitrary code on the affected software. To exploit this flaw, an attacker needs the target user to interact, such as visiting a malicious webpage or opening a compromised file. This situation underscores the importance of user awareness and the implementation of robust security measures to mitigate risks from unsolicited or unknown sources.

Affected Version(s)

PDF Architect 9.1.74.23030

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1075/

x_research-advisory

CVSS V3.0

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2025
Vulnerability Reserved
Dec 10, 2025

JSON

PDFforge

What is CVE-2025-14418?

Affected Version(s)

References

CVSS V3.0

Timeline