How to fix CVE-2025-15569?

Within 24 hours: Identify all systems and applications using MuPDF versions up to 1.26.1 and document their business criticality and document processing scope. Within 7 days: Implement network segmentation to isolate MuPDF-dependent systems from sensitive networks and restrict document processing to trusted sources only. Within 30 days: Monitor Artifex security advisories for patch availability and establish a rapid deployment plan; consider evaluating alternative PDF libraries if MuPDF is non-critical to operations.

Is Windows affected by CVE-2025-15569?

CVE-2025-15569 affects Artifex MuPDF versions up to 1.26.1 through an untrusted search path vulnerability that could allow unauthorized code execution or privilege escalation.

CVE-2025-15569

HIGH

2026-02-10 [email protected]

7.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 10, 2026 - 11:16 nvd

HIGH 7.0

Description

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.

Analysis

A flaw has been found in Artifex MuPDF versions up to 1.26.1 is affected by untrusted search path (CVSS 7.0).

Technical Context

This vulnerability (CWE-426: Untrusted Search Path) affects A flaw has been found in Artifex MuPDF. has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.

Affected Products

Product: A flaw has been found in Artifex MuPDF. Versions: up to 1.26.1.

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +35

POC: 0

CVE-2025-15569 vulnerability details – vuln.today

Back

CVE-2025-15569

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-15569

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code