CVE-2025-51966
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-05

Assigner: MITRE

Description
A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perform unauthorized actions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-05
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-51966
EUVD
EUVD-2025-26422
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
u-tools utools to 7.1.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-51966 is a cross-site scripting (XSS) vulnerability in the PDF preview feature of the uTools desktop application for Windows (version 7.2.1 and earlier). The vulnerability occurs because uTools uses PDF.js to render PDF previews but fails to properly sanitize embedded JavaScript code within PDF font definitions, such as the FontMatrix field. When a user previews a specially crafted malicious PDF file, the embedded JavaScript executes within the application's privileged context, allowing attackers to run arbitrary code. [1, 2]

Impact Analysis

Exploitation of this vulnerability can lead to theft of sensitive information stored in uTools, such as notes, passwords, and scripts. Attackers can perform unauthorized actions within the application context, potentially compromising system integrity and using uTools as a foothold for further attacks. The vulnerability allows arbitrary JavaScript execution, which can be triggered simply by previewing a malicious PDF file within uTools. [2]

Detection Guidance

This vulnerability can be detected by identifying if uTools version 7.2.1 or earlier is installed and if the file preview feature is enabled. To test for exploitation, you can create or obtain a specially crafted malicious PDF file containing embedded JavaScript payloads (such as multiple alert pop-ups). Then, use uTools' file search feature to locate and preview this PDF file. If the alerts appear, the vulnerability is present and exploitable. There are no specific network commands provided, but monitoring for unexpected JavaScript execution or alert pop-ups during PDF preview in uTools can indicate exploitation. [1, 2]

Mitigation Strategies

Immediate mitigation steps include disabling the file preview feature in uTools settings, or specifically disabling PDF file previews until an official patch is released. Avoid opening or previewing PDF files from untrusted sources within uTools. Applying these steps will prevent the embedded JavaScript in malicious PDFs from executing within the application context. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-51966. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart