CVE-2025-0910

Summary

CVE-2025-0910 is a remote code execution vulnerability affecting PDF-XChange Editor. This issue arises from an out-of-bounds write flaw in the software's U3D file parsing process. The vulnerability can be exploited when a user opens a specially crafted file or visits a malicious webpage, granting attackers the ability to execute arbitrary code in the context of the current process. The flaw stems from insufficient validation of user-supplied data, leading to potential buffer overflows. This vulnerability, identified as ZDI-CAN-25748, poses a significant risk to affected installations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.