CVE-2025-54869
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-08-06
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| setasign | fpdi | 2.6.4 |
| setasign | fpdi | 2.6.3 |
| setasign | fpdi | 2.6.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in FPDI versions 2.6.2 and below, where processing user-supplied PDF files can lead to a Denial of Service (DoS). An attacker can upload a small malicious PDF that causes the server-side script to crash due to memory exhaustion, resulting in service disruption.
How can this vulnerability impact me?
The vulnerability can cause your server-side application to crash and become unavailable when processing malicious PDF files, leading to denial of service and potential sustained service outages if attacks are repeated.
What immediate steps should I take to mitigate this vulnerability?
Upgrade FPDI to version 2.6.3 or later, as this version contains the fix for the Denial of Service vulnerability caused by processing malicious PDF files. Additionally, avoid processing untrusted or user-supplied PDF files with vulnerable versions of FPDI to prevent exploitation.