CVE-2025-67825
BaseFortify
Publication date: 2026-01-08
Last updated on: 2026-02-02
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nitro | pdf_pro | to 14.42.0.34 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Nitro PDF Pro for Windows before version 14.42.0.34 involves the software displaying signer information from a non-verified PDF field instead of the verified certificate subject. This means that a document could show inconsistent or misleading signer details because the displayed signer name might not match the actual verified certificate identity. The issue was fixed by updating the display logic to ensure signer information always reflects the verified certificate identity. [1]
How can this vulnerability impact me?
This vulnerability could allow a document to present inconsistent or misleading signer information, potentially causing confusion or mistrust about the authenticity of a signed PDF document. Users might be misled about who actually signed the document if the displayed signer name is taken from an unverified field rather than the verified certificate. This could impact document integrity and trustworthiness. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to Nitro PDF Pro for Windows versions before 14.42.0.34 displaying signer information from non-verified PDF fields. Detection involves verifying the Nitro PDF Pro version installed on your system. You can check the installed version using standard Windows commands such as `wmic product where "name like '%Nitro PDF Pro%'" get name, version` in Command Prompt or PowerShell. Additionally, inspecting PDF documents for inconsistent signer information manually or via Nitro PDF Pro's signature verification features can help identify affected files. There are no specific network detection commands provided. [1]
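The version check described above, as an added PowerShell example (not from the vendor or the advisory): it reads the Uninstall registry keys instead of querying `wmic product`, because the underlying Win32_Product class triggers a Windows Installer consistency check on every package it enumerates. It assumes the installer records the four-part build number in `DisplayVersion`; the function name `Test-NitroVersionAffected` and the `$inclusiveBoundary` switch are hypothetical, the latter added because the product table on this page lists the range as inclusive of 14.42.0.34 while the text says "before".

```powershell
# Added example: inventory Nitro PDF Pro installs and compare against the fixed build.
$fixedVersion      = [version]'14.42.0.34'   # fixed build named in the mitigation text
$namePattern       = '*Nitro PDF Pro*'       # same match as the page's wmic query
$inclusiveBoundary = $false                  # $true = also flag 14.42.0.34 itself (table reading)

function Test-NitroVersionAffected {
    param([string]$DisplayVersion, [version]$Fixed, [bool]$Inclusive)
    $parsed = $null
    # Unparseable or missing version strings return $null so they get reviewed by hand.
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return $null }
    if ($Inclusive) { return ($parsed -le $Fixed) }
    return ($parsed -lt $Fixed)
}

# Per-machine (64-bit and 32-bit views) and per-user install records.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$findings = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $namePattern } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Affected = Test-NitroVersionAffected $_.DisplayVersion $fixedVersion $inclusiveBoundary
        }
    }

if (-not $findings) {
    Write-Output "No Nitro PDF Pro installation found on $env:COMPUTERNAME"
} else {
    $findings | Format-Table -AutoSize
}
```

An empty `Affected` column means the recorded version string could not be parsed and the host needs a manual check.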
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update Nitro PDF Pro for Windows to version 14.42.0.34 or later, as this version includes fixes ensuring signer information is displayed only from verified certificate identities. Applying this update will prevent documents from presenting inconsistent signer details. Additionally, review and verify digital signatures carefully until the update is applied. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability could potentially affect compliance with standards and regulations such as GDPR and HIPAA by allowing documents to display inconsistent signer information, which may undermine the integrity and authenticity of signed documents. Ensuring that signer information is accurately and consistently derived from verified certificates is important for maintaining trust and legal validity in electronic documents, which are often required by these regulations. The update to display signer information only from verified certificates helps mitigate this risk. [1]