Remote Code Execution Vulnerability in pdfforge PDF Architect
CVE-2025-14418

7HIGH

Key Information:

Vendor: PDFforge
Status: PDF Architect
Vendor: CVE Published:; 23 December 2025

What is CVE-2025-14418?

This vulnerability affects pdfforge PDF Architect and is rooted in its handling of XLS files. By allowing the execution of potentially harmful scripts without sufficient user warnings, it presents a risk where remote attackers can execute arbitrary code on the affected software. To exploit this flaw, an attacker needs the target user to interact, such as visiting a malicious webpage or opening a compromised file. This situation underscores the importance of user awareness and the implementation of robust security measures to mitigate risks from unsolicited or unknown sources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PDF Architect 9.1.74.23030

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1075/

x_research-advisory

CVSS V3.0

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 23, 2025
Vulnerability Reserved
Dec 10, 2025

JSON

PDFforge

What is CVE-2025-14418?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.