CVE-2025-0907

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 11, 2025

Updated: Feb 12, 2025

CWE ID 125

Summary

CVE-2025-0907 is a vulnerability affecting PDF-XChange Editor, which allows remote attackers to disclose sensitive information through an out-of-bounds read issue during JB2 file parsing. The flaw arises due to insufficient validation of user-supplied data, enabling attackers to read past the end of an allocated object. This vulnerability does not result in code execution on its own but could be utilized in conjunction with other exploits to carry out more serious attacks, requiring users to visit malicious pages or open malicious files.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PDF-XChange Editor

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/274cCJ
https://www.cve.org/CVERecord?id=CVE-2025-0907
https://nvd.nist.gov/vuln/detail/CVE-2025-0907

Back to Vulnerability Database

CVE-2025-0907

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations