
Pdf Tools CVE-2025-6659

EUVD-2025-19161 | HIGH
Out-of-bounds Write (CWE-787)
Published 2025-06-25, source: zdi-disclosures@trendmicro.com
CVSS 3.0 base score: 7.8

CVSS Vector (NVD)

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026, 23:19 (euvd), EUVD-2025-19161
Analysis Generated: Mar 15, 2026, 23:19 (vuln.today)
CVE Published: Jun 25, 2025, 22:15 (nvd)

Description (NVD)

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26734.

Analysis (AI-generated)

CVE-2025-6659 is an out-of-bounds write in the PRC file parser of PDF-XChange Editor that can be turned into code execution in the context of the editor process, with high confidentiality, integrity and availability impact (CVSS 3.0 base score 7.8). Although ZDI's title calls it a remote code execution vulnerability, the CVSS attack vector is Local: the attacker has to get a victim to open a crafted file, or to visit a page that hands one to the editor, so no privileges are required but user interaction is. The base score says nothing about whether the flaw is being exploited. Listing in the CISA Known Exploited Vulnerabilities catalog, the EPSS score, and the existence of a public proof of concept are the signals that would indicate threat-actor interest, and none of them are shown on this page, so prioritisation should be checked against those sources rather than inferred from the score alone.

Technical Context (AI-generated)

The vulnerability exists in PDF-XChange Editor's parser for PRC (Product Representation Compact) data, the ISO 14739-1 3D model format that PDF carries in 3D annotations, so a crafted PRC payload can arrive embedded in an ordinary-looking PDF as well as in a standalone file. The root cause is CWE-787 (Out-of-bounds Write): the parser does not adequately validate user-supplied values, such as lengths or counts read from the file, before using them, and a specially crafted PRC stream can therefore make it write past the end of an allocated buffer. The resulting memory corruption can overwrite adjacent data structures, and from there function pointers or other control data, giving an attacker code execution in the context of the PDF-XChange Editor process, that is, with the rights of the user who opened the file. ZDI tracked the issue as ZDI-CAN-26734 before public disclosure; the published description does not say which PRC structure is affected or what the overrun buffer holds.
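The following C program is an added illustration, not PDF-XChange code and not the real PRC layout: the record format (a little-endian length followed by that many name bytes), the entity struct and the sample bytes are all constructed for the example. It shows the CWE-787 pattern the description points at, a copy whose size is taken from the file and checked against the input but never against the destination, next to a hardened version that rejects the record before writing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout used as a stand-in for a PRC structure:
 *   u32 little-endian name_len, followed by name_len bytes of name.
 * Constructed for illustration; not the real PRC format, not vendor code. */

#define MAX_NAME 16

struct entity {
    char     name[MAX_NAME];
    uint32_t name_len;
};

static uint32_t rd_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern (CWE-787): the length read from the file bounds the
 * read from the input buffer but not the write into e->name, so a record
 * whose name_len exceeds MAX_NAME overruns the destination.
 * Returns bytes consumed, or 0 if the record is truncated. */
size_t parse_entity_vulnerable(const uint8_t *buf, size_t len, struct entity *e) {
    if (len < 4) return 0;
    uint32_t n = rd_u32le(buf);
    if (n > len - 4) return 0;        /* input-side check only */
    memcpy(e->name, buf + 4, n);      /* BUG: n never compared with MAX_NAME */
    e->name_len = n;
    return 4 + (size_t)n;
}

/* Hardened version: validate the attacker-controlled length against both
 * the remaining input and the fixed-size destination before any write. */
size_t parse_entity_hardened(const uint8_t *buf, size_t len, struct entity *e) {
    if (len < 4) return 0;
    uint32_t n = rd_u32le(buf);
    if (n > len - 4) return 0;        /* truncated record */
    if (n > MAX_NAME) return 0;       /* would overflow e->name: reject */
    memcpy(e->name, buf + 4, n);
    e->name_len = n;
    return 4 + (size_t)n;
}

/* Constructed sample records (not real PRC data). */
static const uint8_t good_record[] = {
    0x05, 0x00, 0x00, 0x00, 'w', 'h', 'e', 'e', 'l'
};

/* Claims 64 name bytes, far more than MAX_NAME, and actually carries them,
 * so the input-side check in the vulnerable parser passes. */
static uint8_t bad_record[4 + 64];

const uint8_t *build_bad_record(size_t *out_len) {
    bad_record[0] = 64; bad_record[1] = 0; bad_record[2] = 0; bad_record[3] = 0;
    memset(bad_record + 4, 'A', 64);
    *out_len = sizeof bad_record;
    return bad_record;
}

int main(void) {
    struct entity e;
    size_t used = parse_entity_hardened(good_record, sizeof good_record, &e);
    printf("good record: consumed %zu bytes, name_len=%u\n", used, e.name_len);

    size_t bad_len;
    const uint8_t *bad = build_bad_record(&bad_len);
    used = parse_entity_hardened(bad, bad_len, &e);
    printf("crafted record: hardened parser returned %zu (0 = rejected)\n", used);
    /* parse_entity_vulnerable(bad, bad_len, &e) would write 48 bytes past
     * the end of e.name, clobbering name_len and whatever follows; it is
     * deliberately not called on the crafted record. */
    return 0;
}
```

The point to take from the two parsers is that the check against the input length is the one that looks like validation and is present in both; the missing check is against the destination, which is the one that prevents the write.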

Remediation (AI-generated)

Immediate remediation steps:
(1) Identify the fixed build from the vendor. PDF-XChange Editor is published by Tracker Software Products (trading as PDF-XChange Co. Ltd.); the release history is on tracker-software.com and pdf-xchange.com, and the ZDI advisory corresponding to ZDI-CAN-26734 should be checked for the vendor fix reference. This page does not state the patched version, so confirm it before deploying.
(2) Deploy the update to every affected installation. WSUS only carries Microsoft updates, so use your endpoint-management tooling (SCCM/Intune or a third-party patch catalog) or the product's built-in update check for centrally managed machines, and notify standalone users directly.
(3) Interim mitigations pending patching: removing the .prc file association from PDF-XChange Editor stops double-click exploitation of standalone files, but not PRC data embedded in a PDF 3D annotation, which is the more likely delivery vehicle, so also filter or quarantine inbound PDFs that contain 3D streams at the mail and web gateway where your tooling can inspect them. Note that AppLocker governs executables, scripts, installers, DLLs and packaged apps, not which data files an application may open, so it cannot block .prc or .pdf by extension. Tell users not to open unsolicited PDFs or 3D model files, and alert via EDR on PDF-XChange Editor spawning child processes or dropping executables, which is what post-exploitation of a document parser typically looks like.
(4) Long-term: enforce application control on workstations, restrict PDF-XChange Editor to users who need it or replace it where feasible, and keep it on the vendor's current release.
Vendor advisory and patch details must be cross-referenced against the vendor's own security notifications; check the changelog on the vendor site or contact support for the precise patched build number.
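As an added example for the gateway-filtering step (not vendor code, not a tool from the page), the C program below performs the coarse triage a mail or web gateway can do without a full PDF parser: it scans a PDF's raw bytes for 3D annotation dictionaries and for 3D stream dictionaries that declare PRC data, which per ISO 32000 appear as /Subtype /3D and /Subtype /PRC respectively. The embedded PDF fragment is constructed for the example and is not a valid complete file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Count occurrences of `needle` in a binary buffer. PDFs can contain NUL
 * bytes, so strstr() on the file contents is not safe; memcmp is. */
static size_t count_occurrences(const uint8_t *hay, size_t hay_len,
                                const char *needle) {
    size_t nlen = strlen(needle), hits = 0;
    if (nlen == 0 || hay_len < nlen) return 0;
    for (size_t i = 0; i + nlen <= hay_len; i++) {
        if (memcmp(hay + i, needle, nlen) == 0) hits++;
    }
    return hits;
}

/* Number of 3D stream dictionaries declaring PRC data. PDF syntax lets the
 * whitespace between two name tokens be omitted, so both spellings count. */
size_t count_prc_streams(const uint8_t *pdf, size_t len) {
    return count_occurrences(pdf, len, "/Subtype /PRC") +
           count_occurrences(pdf, len, "/Subtype/PRC");
}

/* Number of 3D annotation dictionaries (/Subtype /3D). */
size_t count_3d_annots(const uint8_t *pdf, size_t len) {
    return count_occurrences(pdf, len, "/Subtype /3D") +
           count_occurrences(pdf, len, "/Subtype/3D");
}

/* Triage verdict: any PRC stream or 3D annotation means the file exercises
 * the affected parser and should be held for review until hosts are patched. */
int pdf_needs_review(const uint8_t *pdf, size_t len) {
    return count_prc_streams(pdf, len) > 0 || count_3d_annots(pdf, len) > 0;
}

/* Constructed fragment: one 3D annotation whose 3D stream is PRC.
 * Only the objects relevant to the check are present. */
static const char sample_pdf[] =
    "%PDF-1.7\n"
    "1 0 obj << /Type /Annot /Subtype /3D /Rect [0 0 200 200] /3DD 2 0 R >> endobj\n"
    "2 0 obj << /Type /3D /Subtype /PRC /Length 3 >> stream\nPRC\nendstream endobj\n"
    "%%EOF\n";

int main(void) {
    const uint8_t *buf = (const uint8_t *)sample_pdf;
    size_t len = sizeof sample_pdf - 1;
    printf("3D annotations: %zu, PRC streams: %zu, needs review: %d\n",
           count_3d_annots(buf, len), count_prc_streams(buf, len),
           pdf_needs_review(buf, len));
    return 0;
}
```

The caveat a practitioner needs: this byte scan only sees dictionaries stored in the clear. Objects packed into compressed object streams (/ObjStm with /FlateDecode) or inside an encrypted PDF will not match, so a gateway that relies on this check must inflate object streams first, or hand the file to a real PDF parser; the scan is a cheap first pass, not a complete detection.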


CVE-2025-6659 vulnerability details – vuln.today
