See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2025-0899

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 11, 2025

Updated: Feb 12, 2025

CWE ID 416

Summary

CVE-2025-0899 is a remote code execution vulnerability affecting PDF-XChange Editor. This issue is linked to the improper handling of AcroForms, where an object's existence is not validated before performing operations on it. A user must visit a malicious webpage or open a crafted file for exploitation. An attacker can leverage this vulnerability to execute arbitrary code in the context of the affected system. (ZDI-CAN-25349)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PDF-XChange Editor

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

CVE-2025-0899

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations