Main Vulnerability Database Vulnerabilities #VU119879

#VU119879 Path traversal in PDF Architect - CVE-2025-14420

Published: December 12, 2025

Vulnerability identifier: #VU119879

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-14420

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PDF Architect

Software vendor:
pdfforge

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can trick a victim to open a specially crafted CBZ file and upload arbitrary files on the system, leading to arbitrary code execution.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.zerodayinitiative.com/advisories/ZDI-25-1077/

#VU119879 Path traversal in PDF Architect - CVE-2025-14420

Description

Remediation

External links

Please verify you're human