Signature Forgery Vulnerability in Poppler by FreeDesktop
CVE-2025-43903

4.3MEDIUM

Key Information:

Vendor: Freedesktop
Status: Poppler
Vendor: CVE Published:; 18 April 2025

🔔 Create Freedesktop Vulnerability Alert

What is CVE-2025-43903?

The vulnerability in Poppler, located in the NSSCryptoSignBackend.cc file, involves a failure to verify the adbe.pkcs7.sha1 signatures on documents prior to version 25.04.0. This oversight allows potential forgery of digital signatures, posing a significant risk to the integrity of signed documents. It is crucial for users of affected versions to apply the necessary updates to mitigate this security risk.

Affected Version(s)

Poppler 0 < 25.04.0

References

https://gitlab.freedesktop.org/poppler/poppler/-/commit/f...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2025