CVE-2025-6645

EUVD-2025-19147 HIGH
2025-06-25
7.8
CVSS 3.0

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 23:19 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 23:19 (euvd), EUVD-2025-19147
CVE Published: Jun 25, 2025 - 22:15 (nvd), HIGH 7.8

Description

PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26642.

Analysis

CVE-2025-6645 is a use-after-free vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor across multiple versions when processing malicious U3D-embedded PDF files; attackers can execute arbitrary code in the application's process context, requiring only user interaction to open a malicious file or visit a compromised webpage. The vulnerability was previously tracked as ZDI-CAN-26642 and represents a critical remote code execution risk for users of this widely used PDF editor.

Technical Context

The vulnerability exists in PDF-XChange Editor's implementation of U3D (Universal 3D) file parsing, a standard format for embedding 3D objects within PDF documents (ISO/IEC 14496-17). The root cause is classified as CWE-416 (Use-After-Free), where the parser fails to validate object existence before performing operations on heap-allocated memory structures related to U3D model data. This type of memory corruption vulnerability occurs when code attempts to access previously freed memory, leading to potential control-flow hijacking or arbitrary code execution. The defect is in the object lifecycle management within the PDF-XChange Editor library responsible for deserializing and processing U3D embedded objects, likely in file parsing routines that construct 3D model structures without proper reference counting or existence validation checks.

Affected Products

PDF-XChange Editor (vendor: Tracker Software Products Ltd.) — specific version ranges not provided in the description, but the vulnerability likely affects multiple versions prior to the patch release. Affected installations include: (1) PDF-XChange Editor Standard/Pro for Windows (primary target), (2) any system with the PDF-XChange Editor library integrated, (3) likely vulnerable versions: pre-2024.x builds (the specific patch version requires the vendor advisory). Probable CPE string: cpe:2.3:a:tracker_software:pdf-xchange_editor:*:*:*:*:*:*:*:* (version range TBD). No alternate products are explicitly mentioned; however, other PDF editors embedding U3D parsers may share similar vulnerabilities if derived from comparable code. Users should check the Tracker Software Products official advisory for the definitive version matrix and affected build numbers.

Remediation

Immediate actions:
(1) Consult the Tracker Software Products security advisory for the CVE-2025-6645 patch release (likely PDF-XChange Editor version 2024.x or later; the specific build number requires vendor confirmation).
(2) Update PDF-XChange Editor to the latest patched version immediately, prioritizing enterprise deployments.
(3) Until a patch is available: disable U3D support if possible via application settings, restrict opening of untrusted PDF files, and educate users against opening PDFs from unverified sources.
Mitigation:
(4) Deploy application whitelisting to restrict PDF-XChange Editor execution in high-security environments.
(5) Use file scanning solutions that decompose and inspect embedded U3D objects in PDF submissions.
(6) Monitor for suspicious U3D-embedded PDFs in email gateways.
Workarounds: Run PDF-XChange Editor in a sandboxed environment (e.g., Sandboxie, Windows Sandbox) pending patch availability.
Vendor patch status: Contact Tracker Software Products or monitor https://www.tracker-software.com/security for the patch release timeline and CVE bulletin.
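As an added, defender-side example that is not part of this advisory or of any vendor code: a small Python triage heuristic for the kind of gateway or file-scanning check that mitigation items (5) and (6) describe. It flags PDFs that carry a /Subtype /3D annotation or any stream that is declared as U3D or that decodes to data starting with the U3D file-header magic ("U3D\0", block type 0x00443355 little-endian). It assumes unencrypted PDFs with streams stored outside object streams; the sample PDF and its "model" bytes are constructed for the demonstration, not a real U3D file.

```python
import re
import zlib

U3D_MAGIC = b"U3D\x00"  # U3D file-header block type 0x00443355, little-endian

def _decode(body: bytes, dictionary: bytes) -> bytes:
    """Inflate FlateDecode streams; other filters are left raw (heuristic only)."""
    if b"FlateDecode" in dictionary:
        try:
            return zlib.decompressobj().decompress(body)
        except zlib.error:
            return body
    return body

def find_u3d_streams(pdf: bytes) -> list[dict]:
    """Triage heuristic: report every stream whose dictionary declares /Subtype /U3D
    or whose decoded body starts with the U3D magic. Object streams, xref tables and
    encryption are not handled, so an empty result is not proof of absence."""
    findings = []
    for m in re.finditer(rb"(?<!end)stream\r?\n", pdf):
        end = pdf.find(b"endstream", m.end())
        if end < 0:
            break
        head = pdf.rfind(b" obj", 0, m.start())  # dictionary follows "N G obj"
        dictionary = pdf[head:m.start()] if head >= 0 else b""
        body = _decode(pdf[m.end():end], dictionary)
        declared = re.search(rb"/Subtype\s*/U3D\b", dictionary) is not None
        magic = body.startswith(U3D_MAGIC)
        if declared or magic:
            findings.append({"offset": m.start(), "declared_u3d": declared, "u3d_magic": magic})
    return findings

def has_3d_annotation(pdf: bytes) -> bool:
    """True if a /Subtype /3D annotation dictionary appears in the (unencrypted) file."""
    return re.search(rb"/Subtype\s*/3D\b", pdf) is not None

# Constructed sample (not a real model file): one 3D annotation pointing at a stream
# labelled /Subtype /U3D, plus an unlabelled FlateDecode stream hiding the same header.
_MODEL = zlib.compress(U3D_MAGIC + b"\x00" * 28)
_LEN = str(len(_MODEL)).encode()
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Annot /Subtype /3D /Rect [0 0 200 200] /3DD 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /3D /Subtype /U3D /Filter /FlateDecode /Length " + _LEN + b" >>\nstream\n"
    + _MODEL + b"\nendstream\nendobj\n"
    b"3 0 obj\n<< /Length 9 >>\nstream\nBT ET q Q\nendstream\nendobj\n"
    b"4 0 obj\n<< /Filter /FlateDecode /Length " + _LEN + b" >>\nstream\n"
    + _MODEL + b"\nendstream\nendobj\n%%EOF\n"
)
```

Running `find_u3d_streams(SAMPLE_PDF)` flags both the labelled stream and the unlabelled one, which a check on stream dictionaries alone would miss; in a gateway you would feed it the attachment bytes and quarantine or route matches for deeper inspection.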

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +39
POC: 0


CVE-2025-6645 vulnerability details – vuln.today
