High severity8.4NVD Advisory· Published Apr 13, 2026· Updated Apr 23, 2026

CVE-2025-69627

Description

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may process invalid or stale pointers. This can result in access violations and non-deterministic crashes.

Affected products

Gonitro/Nitro Pdf Pro
cpe:2.3:a:gonitro:nitro_pdf_pro:14.41.1.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jeroscope.com/advisories/2025/jero-2025-016/nvdThird Party Advisory
nitro.comnvdNot Applicable

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000