Remote Code Execution Flaw in PDF-XChange Editor by Tracker Software
CVE-2025-6661

7.8HIGH

Key Information:

Vendor: PDF-xchange
Status: PDF-xchange Editor
Vendor: CVE Published:; 25 June 2025

🔔 Create PDF-xchange Vulnerability Alert

What is CVE-2025-6661?

This vulnerability in PDF-XChange Editor arises from improper management of App objects, allowing remote attackers to exploit the flaw through malicious webpages or files. Once exploited, the attacker can execute arbitrary code within the context of the current process, potentially compromising the affected system. Proper validation of object existence is crucial to mitigate this risk, highlighting the need for users to ensure they are using the latest software updates provided by Tracker Software.

Affected Version(s)

PDF-XChange Editor 10.5.2.395

References

https://www.zerodayinitiative.com/advisories/ZDI-25-446/

x_research-advisory

https://www.pdf-xchange.com/support/security-bulletins.html

vendor-advisory

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2025
Vulnerability Reserved
Jun 25, 2025