CVE-2025-27931

{"id": "CVE-2025-27931", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-08-05T15:15:28.800", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2171", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}, {"lang": "es", "value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites en la funcionalidad EMF de PDF-XChange Editor versi\u00f3n 10.5.2.395. Al usar un archivo EMF especialmente manipulado, un atacante podr\u00eda explotar esta vulnerabilidad para realizar una lectura fuera de los l\u00edmites, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n confidencial."}], "lastModified": "2025-08-22T20:35:26.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.5.2.395:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38301DEE-CA79-48C7-9E8C-1EA9EDEFACD3"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}