CVE-2025-67825
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-08

Last updated on: 2026-02-02

Assigner: MITRE

Description
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updated to ensure signer information consistently reflects the verified certificate identity.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67825
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nitro pdf_pro to 14.42.0.34 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-346 The product does not properly verify that the source of data or communication is valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Nitro PDF Pro for Windows before version 14.42.0.34 involves the software displaying signer information from a non-verified PDF field instead of the verified certificate subject. This means that a document could show inconsistent or misleading signer details because the displayed signer name might not match the actual verified certificate identity. The issue was fixed by updating the display logic to ensure signer information always reflects the verified certificate identity. [1]

Impact Analysis

This vulnerability could allow a document to present inconsistent or misleading signer information, potentially causing confusion or mistrust about the authenticity of a signed PDF document. Users might be misled about who actually signed the document if the displayed signer name is taken from an unverified field rather than the verified certificate. This could impact document integrity and trustworthiness. [1]

Detection Guidance

This vulnerability relates to Nitro PDF Pro for Windows versions before 14.42.0.34 displaying signer information from non-verified PDF fields. Detection involves verifying the Nitro PDF Pro version installed on your system. You can check the installed version using standard Windows commands such as 'wmic product where "name like '%Nitro PDF Pro%'" get name, version' in Command Prompt or PowerShell. Additionally, inspecting PDF documents for inconsistent signer information manually or via Nitro PDF Pro's signature verification features can help identify affected files. There are no specific network detection commands provided. [1]

Mitigation Strategies

To mitigate this vulnerability, immediately update Nitro PDF Pro for Windows to version 14.42.0.34 or later, as this version includes fixes ensuring signer information is displayed only from verified certificate identities. Applying this update will prevent documents from presenting inconsistent signer details. Additionally, review and verify digital signatures carefully until the update is applied. [1]

Compliance Impact

This vulnerability could potentially affect compliance with standards and regulations such as GDPR and HIPAA by allowing documents to display inconsistent signer information, which may undermine the integrity and authenticity of signed documents. Ensuring that signer information is accurately and consistently derived from verified certificates is important for maintaining trust and legal validity in electronic documents, which are often required by these regulations. The update to display signer information only from verified certificates helps mitigate this risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67825. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart