CVE-2025-0908

Summary

CVE-2025-0908 is an information disclosure vulnerability affecting PDF-XChange Editor. This issue arises from an out-of-bounds read in the software's U3D file parsing process. Attackers can exploit this flaw by crafting malicious pages or files, requiring user interaction for successful exploitation. The lack of proper validation of user-supplied data leads to the read past the end of an allocated buffer. While this vulnerability does not directly result in code execution, it can be used in conjunction with other vulnerabilities to achieve that goal. ZDI-CAN-25557 was the identifier assigned to this issue prior to its publication in the CVE database.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.