Information Disclosure Vulnerability in pdfforge PDF Architect
CVE-2025-14421

3.3LOW

Key Information:

Vendor: PDFforge
Status: PDF Architect
Vendor: CVE Published:; 23 December 2025

What is CVE-2025-14421?

The vulnerability affects pdfforge PDF Architect and is related to improper validation during PDF file parsing. This flaw enables remote attackers to potentially disclose sensitive information on systems running the affected versions. To exploit this vulnerability, user interaction is necessary, such as visiting a malicious website or opening a crafted PDF file. This shortcoming results in the possibility of reading past the end of allocated memory objects, which could allow an attacker to gain access to secured information. The issue could potentially be worsened if exploited in conjunction with other vulnerabilities, leading to further security risks within the affected system.

Affected Version(s)

PDF Architect 9.1.74.23030

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1078/

x_research-advisory

CVSS V3.0

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2025
Vulnerability Reserved
Dec 10, 2025

JSON

PDFforge

What is CVE-2025-14421?

Affected Version(s)

References

CVSS V3.0

Timeline