Security Vulnerability Report
CVE-2025-14415 CVSS 7.8 HIGH

CVE-2025-14415

Published: 2025-12-23 22:15:48
Last Modified: 2026-01-21 20:28:06

Description

Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27494.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:sodapdf:soda_pdf:14.0.509.23030:*:*:*:*:*:*:* - VULNERABLE
Soda PDF Desktop < latest version (all versions before 2025-01-15)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-14415 PoC - Soda PDF Desktop Launch RCE
# This PoC demonstrates the insufficient UI warning in the Launch action
# Note: This is for educational and security testing purposes only

import json


def generate_malicious_pdf_poc():
    """
    Generate a PoC description of the Launch action vulnerability.

    The malicious PDF would contain a Launch action that executes
    arbitrary commands without proper user warning dialogs.
    """
    poc_structure = {
        "vulnerability": "CVE-2025-14415",
        "product": "Soda PDF Desktop",
        "type": "Insufficient UI Warning leading to RCE",
        "attack_vector": {
            "method": "Malicious PDF with crafted Launch action",
            "required_interaction": "User opens malicious PDF file",
            "execution_context": "Current user privileges",
        },
        "malicious_action": {
            "action_type": "Launch",
            "target": "cmd.exe /c <malicious_command>",
            "warning": "None - executes without user confirmation",
        },
        "impact": [
            "Arbitrary code execution",
            "System compromise",
            "Data exfiltration",
            "Malware installation",
        ],
    }
    # Return the structure as pretty-printed JSON
    return json.dumps(poc_structure, indent=2)


def generate_attack_scenario():
    """
    Describe the attack scenario for exploiting this vulnerability.
    """
    return """
Attack Scenario:
1. Attacker creates a malicious PDF file with embedded Launch action
2. The Launch action contains a command to execute arbitrary code
3. Victim opens the PDF file with Soda PDF Desktop
4. Soda PDF Desktop processes the Launch action without warning
5. Arbitrary code executes in the context of the victim's session

Example malicious Launch action structure:
<</S /Launch /F (malicious.bat) /WS /P (/W /H)>>

Where malicious.bat contains:
@echo off
powershell -EncodedCommand <base64_encoded_payload>
"""


if __name__ == "__main__":
    print(generate_malicious_pdf_poc())
    print("\n" + "=" * 50)
    print(generate_attack_scenario())

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1088/ (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14415", "sourceIdentifier": "[email protected]", "published": "2025-12-23T22:15:48.390", "lastModified": "2026-01-21T20:28:05.977", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27494."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.0, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-356"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sodapdf:soda_pdf:14.0.509.23030:*:*:*:*:*:*:*", "matchCriteriaId": "ABC0E7B2-E242-4BD7-81E6-BA077750E564"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1088/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}