Multiple Zero-Day Vulnerabilities in PDF Software Expose Users to XSS and One-Click Threats

Post Views: 129

Researchers Uncover 16 Unknown Vulnerabilities in PDF Platforms

Researchers at Novee Security have uncovered 16 previously unknown vulnerabilities in two widely used PDF platforms, Foxit and Apryse.

Discovery Made Using Novel Approach

The discovery was made using a novel approach that combined human expertise with artificial intelligence. By teaching an AI system to recognize patterns of potential vulnerabilities, the researchers were able to rapidly scan large amounts of code and identify high-impact flaws that might have been missed by traditional methods.

Vulnerabilities Could Allow Malicious Code Execution and Data Theft

The vulnerabilities, which include critical flaws in the Foxit signature server and Apryse WebViewer, could allow attackers to execute malicious code, steal login data, or even take control of a company’s backend servers. In some cases, the attacks can be triggered by simply opening a document or clicking a link, making them particularly dangerous.

Specific Vulnerabilities Identified

One of the most significant vulnerabilities, tracked as CVE-2025-70402 and CVE-2025-70400, affects Apryse WebViewer and allows attackers to run malicious code via a link. Another vulnerability, CVE-2025-70401, enables attackers to hide a script in the Author name of a PDF comment, which can steal login data when a victim interacts with the comment. A similar weakness was found in Foxit’s web plugins, tracked as CVE-2025-66500, which could allow attackers to trick the plugin into running a harmful script.

“The researchers attribute the vulnerabilities to the increasing complexity of modern PDF tools, which are built using advanced web technologies such as iframes and server-side rendering. This complexity can lead to \”trust boundary failures,\” where the software trusts data that it should be verifying.”

Patches Being Developed to Address Issues

The researchers attribute the vulnerabilities to the increasing complexity of modern PDF tools, which are built using advanced web technologies such as iframes and server-side rendering. However, the good news is that Novee Security worked with the affected vendors before publicly disclosing the vulnerabilities, and patches are being developed to address the issues.

Need for Companies to Reevaluate PDF Security

The discovery of these vulnerabilities highlights the need for companies to reevaluate their approach to PDF security. Rather than treating PDFs as low-risk files, organizations should recognize that they can be a potential entry point for attackers and take steps to secure them accordingly. By doing so, they can reduce the risk of falling victim to these types of attacks and protect their sensitive data.

Full List of Identified Vulnerabilities Available

The full list of identified vulnerabilities is available, and the researchers have provided detailed information on the flaws and the potential risks they pose. The discovery serves as a reminder of the importance of ongoing security research and the need for collaboration between vendors, researchers, and organizations to stay ahead of emerging threats.