Out-Of-Bounds Read Vulnerability in PDF-XChange Editor by Tracker Software
CVE-2025-6653

3.3LOW

Key Information:

Vendor: PDF-xchange
Status: PDF-xchange Editor
Vendor: CVE Published:; 25 June 2025

🔔 Create PDF-xchange Vulnerability Alert

What is CVE-2025-6653?

The PDF-XChange Editor is exposed to an out-of-bounds read vulnerability that occurs during PRC file parsing. This flaw stems from insufficient validation of user-supplied input, leading to potential information disclosure. Attackers can exploit this vulnerability by convincing users to open a malicious PRC file or visit a compromised webpage. When triggered, the vulnerability may allow attackers to read past the allocated memory, potentially leading to further exploitation. Users are advised to ensure they are using the latest version to mitigate risk.

Affected Version(s)

PDF-XChange Editor 10.5.2.395

References

https://www.zerodayinitiative.com/advisories/ZDI-25-438/

x_research-advisory

https://www.pdf-xchange.com/support/security-bulletins.html

vendor-advisory

CVSS V3.0

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2025
Vulnerability Reserved
Jun 25, 2025