216.73.217.64

CVE-2025-63917

· Published 17/11/2025 17:15 · Modified 18/11/2025 14:06

Labels: CVE-2025-63917 2025-11-17CVE-2025-63917CWE-611[email protected]

Essential information

Published
17/11/2025 17:15
Modified
18/11/2025 14:06
Author
Creator
CVSS
7.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

CVSS metrics

Description

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem, exfiltrate sensitive data via out-of-band (OOB) HTTP requests, perform SSRF attacks against internal network resources, or cause a denial of service via entity expansion attacks.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References