CVE-2025-69627
Received Received - Intake
Use-After-Free in Nitro PDF Pro JavaScript Method Causes Crashes

Publication date: 2026-04-13

Last updated on: 2026-04-23

Assigner: MITRE

Description
Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may process invalid or stale pointers. This can result in access violations and non-deterministic crashes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69627
EUVD
EUVD-2025-209419
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gonitro nitro_pdf_pro 14.41.1.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69627 is a use-after-free vulnerability in Nitro PDF Pro version 14.41.1.4. It occurs in the JavaScript method this.mailDoc() when processing a crafted PDF. During execution, an internal XID object is allocated and then prematurely freed, but the program continues to use the freed pointer in UI and logging functions. This use of a dangling pointer can cause undefined behavior such as access violations or crashes, especially during string comparison operations.

Impact Analysis

This vulnerability can cause Nitro PDF Pro to crash or behave unpredictably when opening a malicious PDF that triggers the this.mailDoc() method. The use-after-free condition may lead to access violations, resulting in application instability or denial of service. An attacker could exploit this by crafting a PDF that causes the application to crash, potentially disrupting normal use.

Detection Guidance

This vulnerability can be detected by monitoring for crashes or access violations in Nitro PDF Pro version 14.41.1.4 when opening PDFs that invoke the JavaScript method this.mailDoc(). Specifically, if a PDF triggers this.mailDoc(), the application may crash due to use-after-free errors.

Detection can involve opening suspicious or untrusted PDFs in a controlled environment and observing for crashes or abnormal behavior related to this.mailDoc().

Since the vulnerability is triggered by the JavaScript method this.mailDoc(), you can also scan PDF files for embedded JavaScript code that calls this.mailDoc().

  • Use a PDF analysis tool or script to search for the string "this.mailDoc()" inside PDF files.
  • Example command using grep on a collection of PDFs: grep -r --include="*.pdf" "this.mailDoc()" /path/to/pdf/files
  • Monitor application logs or Windows Event Viewer for Nitro PDF Pro crashes or access violation errors.
Mitigation Strategies

The immediate mitigation step is to apply the vendor-provided patch released on February 2, 2026, which fixes the use-after-free vulnerability in Nitro PDF Pro version 14.41.1.4.

Until the patch can be applied, avoid opening untrusted or suspicious PDF files that may contain JavaScript invoking this.mailDoc().

Consider disabling JavaScript execution within Nitro PDF Pro if the application settings allow it, to prevent exploitation via malicious JavaScript.

Monitor Nitro PDF Pro for crashes and investigate any abnormal behavior promptly.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69627. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart