CVE-2025-6642
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-07-01
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pdf-xchange | pdf-tools | 10.5.2.395 |
| pdf-xchange | pdf-xchange_editor | 10.5.2.395 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a remote code execution flaw in PDF-XChange Editor related to the parsing of U3D files. It occurs because the software does not properly validate user-supplied data, leading to an out-of-bounds read past the end of an allocated object. An attacker can exploit this by convincing a user to open a malicious file or visit a malicious page, allowing the attacker to execute arbitrary code within the context of the affected process.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the PDF-XChange Editor process. This could lead to unauthorized actions such as installing malware, stealing data, or taking control of the affected system. Exploitation requires user interaction, such as opening a malicious file or visiting a malicious webpage.