CVE-2025-63918 | THREATINT

Description

PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-17 | Updated 2025-11-18 | Assigner mitre

References

www.cnblogs.com/pdfpatcher

github.com/wmjordan/PDFPatcher

github.com/...n/pdfpatcher/DirectoryTraversal-ImageExport.md

cve.org (CVE-2025-63918)

nvd.nist.gov (CVE-2025-63918)

Download JSON