CVE-2025-66769
NULL Pointer Dereference in Nitro PDF Pro Causes DoS
Publication date: 2026-04-13
Last updated on: 2026-04-23
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gonitro | nitro_pdf_pro | 14.41.1.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66769 is a denial-of-service vulnerability in Nitro PDF Pro version 14.41.1.4 caused by improper handling of an empty XFA array in PDF files.
When a specially crafted PDF contains an empty /XFA [] array within the /AcroForm dictionary, Nitro PDF Pro attempts to process XFA content despite the absence of a valid XFA node tree.
The application initializes internal XFA processing objects and tries to locate root nodes such as "xdp:xdp" and "template." However, because the /XFA array is empty, the first node lookup returns a NULL pointer, which is then passed unchecked to subsequent lookup functions.
The vulnerable function attempts to dereference this NULL pointer by accessing memory at offset 0x40 without validating the pointer, causing a NULL pointer dereference and an access violation. This results in the immediate crash of Nitro PDF Pro upon opening the malicious PDF file.
What immediate steps should I take to mitigate this vulnerability?
The vendor released a patch for this vulnerability on 2026-01-09.
Immediate mitigation steps include updating Nitro PDF Pro to the patched version released after 2026-01-09.
Until the update is applied, avoid opening untrusted or suspicious PDF files that may contain malicious XFA content.
How can this vulnerability impact me?
This vulnerability allows an attacker to cause a Denial of Service (DoS) by crashing Nitro PDF Pro when opening a specially crafted PDF file.
The crash occurs due to a NULL pointer dereference triggered by the malicious PDF, which can disrupt normal use of the software and potentially interrupt workflows that depend on Nitro PDF Pro.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered when Nitro PDF Pro version 14.41.1.4 processes a specially crafted PDF file containing an empty /XFA [] array within the /AcroForm dictionary, causing a NULL pointer dereference and application crash.
Detection on your system can involve monitoring for crashes or Denial of Service events related to Nitro PDF Pro when opening PDF files.
Since the vulnerability is triggered by a crafted PDF file, you can detect attempts by scanning PDF files for the presence of an empty /XFA [] array in the /AcroForm dictionary.
No specific commands are provided in the available resources, but you might use PDF parsing tools or scripts to inspect PDF files for an empty /XFA [] array.
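As an added example (not from the advisory or the vendor), the check suggested above as a small raw-bytes scanner: it collects every /AcroForm dictionary, whether written inline in the catalog or reached through an indirect reference, and reports an empty /XFA [] array. It assumes uncompressed objects (files that pack objects into /ObjStm streams must be inflated first, which the scanner flags), and the sample PDF fragments are constructed.

```python
import re

# Constructed sample inputs (not files from the advisory): an /AcroForm reached by
# indirect reference carrying an empty /XFA [ ] array, the same file with a real
# XFA array, and the same file with no /XFA key at all.
PDF_EMPTY_XFA = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /AcroForm 3 0 R >>\nendobj\n"
                 b"3 0 obj\n<< /Fields [] /DR << /Font << >> >> /XFA [ ] >>\nendobj\n"
                 b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
PDF_REAL_XFA = PDF_EMPTY_XFA.replace(b"/XFA [ ]", b"/XFA [ (template) 4 0 R ]")
PDF_NO_XFA = PDF_EMPTY_XFA.replace(b" /XFA [ ]", b"")

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)endobj", re.S)   # "N G obj ... endobj"
ACROFORM_REF_RE = re.compile(rb"/AcroForm\s+(\d+)\s+\d+\s+R")   # /AcroForm as "N G R"
ACROFORM_INLINE_RE = re.compile(rb"/AcroForm\s*(?=<<)")         # /AcroForm as inline dict
EMPTY_XFA_RE = re.compile(rb"/XFA\s*\[\s*\]")                    # the trigger condition

def balanced_dict(data, start):
    """Return the << ... >> dictionary beginning at `start`, honouring nested dictionaries."""
    depth, i = 0, start
    while i < len(data) - 1:
        if data[i:i + 2] == b"<<":
            depth, i = depth + 1, i + 2
        elif data[i:i + 2] == b">>":
            depth, i = depth - 1, i + 2
            if depth == 0:
                return data[start:i]
        else:
            i += 1
    return data[start:]  # unterminated dictionary: return what is there

def acroform_dicts(data):
    """Collect every /AcroForm dictionary, inline in the catalog or as an indirect object."""
    objects = {int(m.group(1)): m.group(2) for m in OBJ_RE.finditer(data)}
    found = [balanced_dict(data, m.end()) for m in ACROFORM_INLINE_RE.finditer(data)]
    for m in ACROFORM_REF_RE.finditer(data):
        body = objects.get(int(m.group(1)))
        if body is not None and body.find(b"<<") != -1:
            found.append(balanced_dict(body, body.find(b"<<")))
    return found

def has_empty_xfa(data):
    """True when any /AcroForm dictionary carries an empty /XFA [] array."""
    return any(EMPTY_XFA_RE.search(d) for d in acroform_dicts(data))

def uses_object_streams(data):
    """Objects packed in compressed /ObjStm streams are invisible to this raw scan; flag them."""
    return b"/ObjStm" in data
```

A match only means the file exhibits the trigger pattern; pair the scan with crash telemetry for the Nitro PDF Pro process to confirm actual impact.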
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.