CVE-2025-66769
Received Received - Intake
NULL Pointer Dereference in Nitro PDF Pro Causes DoS

Publication date: 2026-04-13

Last updated on: 2026-04-23

Assigner: MITRE

Description
A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66769
EUVD
EUVD-2025-209415
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gonitro nitro_pdf_pro 14.41.1.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vendor released a patch for this vulnerability on 2026-01-09.

Immediate mitigation steps include updating Nitro PDF Pro to the patched version released after 2026-01-09.

Until the update is applied, avoid opening untrusted or suspicious PDF files that may contain malicious XFA content.

Executive Summary

CVE-2025-66769 is a denial-of-service vulnerability in Nitro PDF Pro version 14.41.1.4 caused by improper handling of an empty XFA array in PDF files.

When a specially crafted PDF contains an empty /XFA [] array within the /AcroForm dictionary, Nitro PDF Pro attempts to process XFA content despite the absence of a valid XFA node tree.

The application initializes internal XFA processing objects and tries to locate root nodes such as "xdp:xdp" and "template." However, because the /XFA array is empty, the first node lookup returns a NULL pointer, which is then passed unchecked to subsequent lookup functions.

The vulnerable function attempts to dereference this NULL pointer by accessing memory at offset 0x40 without validating the pointer, causing a NULL pointer dereference and an access violation. This results in the immediate crash of Nitro PDF Pro upon opening the malicious PDF file.

Impact Analysis

This vulnerability allows an attacker to cause a Denial of Service (DoS) by crashing Nitro PDF Pro when opening a specially crafted PDF file.

The crash occurs due to a NULL pointer dereference triggered by the malicious PDF, which can disrupt normal use of the software and potentially interrupt workflows that depend on Nitro PDF Pro.

Detection Guidance

This vulnerability is triggered when Nitro PDF Pro version 14.41.1.4 processes a specially crafted PDF file containing an empty /XFA [] array within the /AcroForm dictionary, causing a NULL pointer dereference and application crash.

Detection on your system can involve monitoring for crashes or Denial of Service events related to Nitro PDF Pro when opening PDF files.

Since the vulnerability is triggered by a crafted PDF file, you can detect attempts by scanning PDF files for the presence of an empty /XFA [] array in the /AcroForm dictionary.

No specific commands are provided in the available resources, but you might use PDF parsing tools or scripts to inspect PDF files for an empty /XFA [] array.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66769. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart