Home

Description

An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.

PUBLISHED Reserved 2025-11-18 | Published 2026-02-03 | Updated 2026-02-04 | Assigner mitre




HIGH: 8.8CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N

References

www.fpdf.org

github.com/Setasign/FPDF

advisories.gitlab.com/...com/tc-lib-pdf-font/CVE-2024-56520/

cve.org (CVE-2025-65875)

nvd.nist.gov (CVE-2025-65875)

Download JSON