CVE-2025-51966
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-05
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| u-tools | utools | to 7.1.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-51966 is a cross-site scripting (XSS) vulnerability in the PDF preview feature of the uTools desktop application for Windows (version 7.2.1 and earlier). The vulnerability occurs because uTools uses PDF.js to render PDF previews but fails to properly sanitize embedded JavaScript code within PDF font definitions, such as the FontMatrix field. When a user previews a specially crafted malicious PDF file, the embedded JavaScript executes within the application's privileged context, allowing attackers to run arbitrary code. [1, 2]
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to theft of sensitive information stored in uTools, such as notes, passwords, and scripts. Attackers can perform unauthorized actions within the application context, potentially compromising system integrity and using uTools as a foothold for further attacks. The vulnerability allows arbitrary JavaScript execution, which can be triggered simply by previewing a malicious PDF file within uTools. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if uTools version 7.2.1 or earlier is installed and if the file preview feature is enabled. To test for exploitation, you can create or obtain a specially crafted malicious PDF file containing embedded JavaScript payloads (such as multiple alert pop-ups). Then, use uTools' file search feature to locate and preview this PDF file. If the alerts appear, the vulnerability is present and exploitable. There are no specific network commands provided, but monitoring for unexpected JavaScript execution or alert pop-ups during PDF preview in uTools can indicate exploitation. [1, 2]
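As an added defender-side example (not part of this record or of the uTools or PDF.js projects), the following Python scanner applies the check that the description above implies: a PDF `/FontMatrix` entry must be an array of exactly six numbers, so any array containing a non-numeric element or the wrong element count is flagged for review before the file reaches a preview pane. The sample byte strings are constructed, not real files, and the `(placeholder)` token stands in for any non-numeric content.

```python
import re
import sys

# A single PDF numeric object (integer or real), e.g. 0.001, -3, .5
_NUMERIC = re.compile(rb"^[+-]?(\d+\.?\d*|\.\d+)$")

# A /FontMatrix key followed by its array body (flat arrays only)
_FONTMATRIX = re.compile(rb"/FontMatrix\s*\[([^\]]*)\]")


def find_suspicious_fontmatrix(pdf_bytes: bytes) -> list:
    """Return one finding per /FontMatrix array that is not six plain numbers.

    The PDF specification defines FontMatrix as an array of six numbers.
    A renderer that splices the raw array into generated code (the failure
    mode this CVE describes) is only safe when every element is numeric,
    so anything else in that position is worth a closer look.
    """
    findings = []
    for m in _FONTMATRIX.finditer(pdf_bytes):
        tokens = m.group(1).split()
        bad = [t for t in tokens if not _NUMERIC.match(t)]
        if bad or len(tokens) != 6:
            findings.append({
                "offset": m.start(),
                "tokens": len(tokens),
                "non_numeric": [t.decode("latin-1", "replace") for t in bad],
            })
    return findings


def scan_file(path: str) -> list:
    """Scan one PDF on disk; only uncompressed object dictionaries are seen."""
    with open(path, "rb") as fh:
        return find_suspicious_fontmatrix(fh.read())


# Constructed sample fragments: a well-formed Type3 font dictionary and one
# whose FontMatrix carries a non-numeric element (no real exploit content).
CLEAN_SAMPLE = (
    b"%PDF-1.7\n5 0 obj\n<< /Type /Font /Subtype /Type3 /FontBBox [0 0 750 750]\n"
    b"   /FontMatrix [0.001 0 0 0.001 0 0] /CharProcs 6 0 R >>\nendobj\n"
)
SUSPECT_SAMPLE = (
    b"%PDF-1.7\n5 0 obj\n<< /Type /Font /Subtype /Type3 /FontBBox [0 0 750 750]\n"
    b"   /FontMatrix [1 2 3 4 5 (placeholder)] /CharProcs 6 0 R >>\nendobj\n"
)

if __name__ == "__main__":
    for p in sys.argv[1:]:
        for f in scan_file(p):
            print(f"{p}: suspicious /FontMatrix at offset {f['offset']}: {f}")
```

FontMatrix entries inside compressed object streams or inside embedded font programs are not visible to this byte-level scan; decompress those with a PDF library first and run the same check on the result.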
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling the file preview feature in uTools settings, or specifically disabling PDF file previews until an official patch is released. Avoid opening or previewing PDF files from untrusted sources within uTools. Applying these steps will prevent the embedded JavaScript in malicious PDFs from executing within the application context. [1, 2]