CVE-2026-25880
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s system with the privileges of the current user, without any warning or user interaction beyond the menu click.
Analysis
SumatraPDF 3.5.2 and earlier on Windows allows arbitrary code execution when a user opens a PDF and selects "Show in folder," as the application executes a malicious explorer.exe binary from the same directory without warning. Public exploit code exists for this vulnerability, which affects any user who opens untrusted PDFs and interacts with the file menu option. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Issue security alert to all users prohibiting use of SumatraPDF's 'Show in folder' feature and advise against opening PDFs from untrusted sources. Within 7 days: Identify all SumatraPDF installations via endpoint management tools and evaluate replacement with patched alternatives (e.g., Adobe Reader, Foxit Reader). …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today