Unrated severityNVD Advisory· Published Nov 17, 2025· Updated Nov 17, 2025
CVE-2025-63917
CVE-2025-63917
Description
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem, exfiltrate sensitive data via out-of-band (OOB) HTTP requests, perform SSRF attacks against internal network resources, or cause a denial of service via entity expansion attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <= 1.0.4663
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.