ZDI: Published Advisories

The following is a list of publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure. All security vulnerabilities that are acquired by the Zero Day Initiative are handled according to the ZDI Disclosure Policy.
- ZDI-25-1078: (0Day) pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (December 11, 2025 at 6:00 am)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-14421.
- ZDI-25-1080: (0Day) Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability (December 11, 2025 at 6:00 am)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-14407.
- ZDI-25-1079: (0Day) Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (December 11, 2025 at 6:00 am)
This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-14406.
- ZDI-25-1082: (0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (December 11, 2025 at 6:00 am)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-14409.
- ZDI-25-1081: (0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (December 11, 2025 at 6:00 am)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-14408.
- ZDI-25-1075: (0Day) pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability (December 11, 2025 at 6:00 am)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2025-14418.
- ZDI-25-1073: (0Day) pdfforge PDF Architect DOC File Insufficient UI Warning Remote Code Execution Vulnerability (December 11, 2025 at 6:00 am)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2025-14416.
- ZDI-25-1086: (0Day) Soda PDF Desktop CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability (December 11, 2025 at 6:00 am)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-14413.
- ZDI-25-1085: (0Day) Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability (December 11, 2025 at 6:00 am)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-14412.
- ZDI-25-1088: (0Day) Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability (December 11, 2025 at 6:00 am)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2025-14415.





