Out-Of-Bounds Write Vulnerability in PDF-XChange Editor by Tracker Software Products
CVE-2025-6647

7.8 HIGH

Key Information:

Vendor
CVE Published: 25 June 2025

What is CVE-2025-6647?

This vulnerability arises from improper validation in the parsing of U3D files within PDF-XChange Editor, which allows writes beyond the allocated memory space. User interaction is required for the attack to succeed: the target must visit a malicious webpage or open a compromised file. Successful exploitation results in arbitrary code execution in the context of the affected application, leading to potential system compromise.

Affected Version(s)

PDF-XChange Editor 10.5.2.395

References

CVSS V3.0

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
