CVE-2025-14405: CWE-427: Uncontrolled Search Path Element in PDFsam Enhanced
PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows physically-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27867.
AI Analysis
Technical Summary
CVE-2025-14405 is a local privilege escalation vulnerability in PDFsam Enhanced version 7.0.76.15222. The root cause is an uncontrolled search path element (CWE-427) in the way the product's bundled OpenSSL locates its configuration file: the path it resolves lies in an unsecured location, and an attacker who is physically present and able to mount a drive on the target can place a file there. OpenSSL reads this configuration at library initialisation, and the file can direct the library to load shared libraries (a legacy engine through dynamic_path, or an OpenSSL 3 provider through module), so whoever controls the file controls a DLL loaded into the calling process. Because the advisory states that code executes in the SYSTEM context, the affected component runs with SYSTEM privileges, and a crafted configuration on the mounted drive yields arbitrary code execution as SYSTEM. ZDI does not publish the resolved path or the directive involved. The attacker needs local access and the ability to mount external media; the flaw is not remotely exploitable. The impact is full host compromise: bypass of security controls, access to sensitive data, and loss of availability. The CVSS v3.0 base score is 6.6 (medium): the physical attack vector lowers the score, while the confidentiality, integrity and availability impacts are all rated high. No public exploits are known at this time. The issue was reported through the Zero Day Initiative as ZDI-CAN-27867. No vendor patch was available at the time of disclosure, so the mitigations below are needed until one ships.
Potential Impact
For European organizations the risk concentrates where PDFsam Enhanced runs on workstations or servers that several people can reach physically, or in loosely controlled settings such as shared offices and public terminals. Successful exploitation gives full SYSTEM-level control of the host, from which an attacker can steal sensitive information, manipulate documents, or disrupt business operations. Government, finance, legal and critical-infrastructure organizations that process sensitive documents with the product are most exposed. The physical-access requirement narrows the realistic threat to insiders, contractors, visitors and unattended or stolen devices, but it does not reduce the consequence: a single successful attack is a complete compromise of the machine, with the data-breach, regulatory and downtime consequences that follow. The medium CVSS score reflects the physical attack vector, not a low impact; confidentiality, integrity and availability are all rated high. Organizations should weigh this in risk assessments wherever physical controls are weak or the product is widely deployed.
Mitigation Recommendations
1. Restrict physical access to systems running PDFsam Enhanced to trusted personnel, using badge access, surveillance, and secure storage for portable devices.
2. Block unauthorized removable media on those systems. On Windows, the Removable Storage Access policies under Computer Configuration > Administrative Templates > System, or an endpoint device-control product, can deny or alert on new drives being mounted.
3. Identify the configuration path the product's OpenSSL build actually resolves, for example by watching the PDFsam Enhanced process in Process Monitor for an attempt to open an openssl.cnf that does not exist. If that path is on a fixed disk, pre-create the directory and file with administrator-only ACLs so the library reads a vendor-controlled file. If it is on a drive letter that is not normally present, only item 2 prevents an attacker from supplying it.
4. Monitor for the attack in progress: Sysmon Event ID 7 (Image loaded) where the loading process belongs to PDFsam Enhanced and the image path is on a non-system volume, and Sysmon Event ID 11 (FileCreate) for files named openssl.cnf or openssl.cfg outside the product's install directory.
5. Apply the vendor patch or update addressing CVE-2025-14405 as soon as one is available.
6. Use application control (WDAC, or AppLocker with DLL rules enabled) so that a library on removable media cannot load even when a configuration file names it.
7. Educate staff about physical-access attacks and enforce clean-desk and lock-screen policies to reduce insider and walk-up vectors.
8. Do not rely on full-disk encryption or Secure Boot for this issue: they protect against offline tampering with the system disk but do nothing to stop a separate drive being mounted into a running system.
9. Include physical security and local privilege escalation in regular audits and penetration tests.
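For items 3 and 4 above, and for the loading mechanism described in the Technical Summary, a practitioner wants a quick way to see which shared libraries a given OpenSSL configuration would make a process load. The following Python script is an added example written for this page; it is not code from PDFsam, ZDI or the OpenSSL project. It parses the engine/provider section chain of an openssl.cnf and flags any dynamic_path or module value that lies outside a set of trusted directories. The install directory under Program Files, the D: drive letter and the file names in the two sample configurations are constructed placeholders, not details taken from the advisory.

```python
"""
Audit an OpenSSL configuration file for directives that make the loading
process load a shared library, and flag any library path that is not under
an administrator-controlled directory.

OpenSSL reads its configuration at initialisation. The openssl_conf entry
names an init section; that section's "engines" and "providers" entries name
list sections; each listed item names a section whose dynamic_path (legacy
engine) or module (OpenSSL 3 provider) value is a shared library that will be
loaded into the calling process. A config file in an attacker-writable
location is therefore a code-loading primitive.

Added example for this page. Trusted prefixes and sample configs below are
constructed placeholders, not details from the advisory.
"""
import re
from pathlib import PureWindowsPath

# Directories a physically-present, unprivileged attacker cannot write to or
# substitute. ASSUMPTION: the product's install path is not published on the
# page; a placeholder under Program Files stands in for it.
TRUSTED_PREFIXES = (
    r"C:\Windows\System32",
    r"C:\Program Files\PDFsam Enhanced",
)


def parse_openssl_cnf(text):
    """Parse the subset of OpenSSL's config grammar needed here: [section]
    headers and key = value pairs, with '#' comments removed. $var expansion
    is not implemented. Returns {section: {key: value}}; top-level keys are
    stored under "default"."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.match(r"^\[\s*(\S+)\s*\]$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        if "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip().strip('"')
    return sections


def loadable_modules(sections):
    """Follow the openssl_conf -> engines/providers -> item-section chain and
    return every (kind, name, path) that OpenSSL would try to load."""
    found = []
    init_name = sections["default"].get("openssl_conf")
    init = sections.get(init_name, {}) if init_name else {}
    for kind, list_key, directive in (
        ("engine", "engines", "dynamic_path"),
        ("provider", "providers", "module"),
    ):
        list_name = init.get(list_key)
        items = sections.get(list_name, {}) if list_name else {}
        for name, item_section in items.items():
            path = sections.get(item_section, {}).get(directive)
            if path:
                found.append((kind, name, path))
    return found


def is_trusted(path):
    """True only for an absolute path, free of '..' components, under a
    trusted prefix. Relative paths are untrusted because OpenSSL resolves
    them against a location the auditor does not control; '..' is rejected
    because pathlib does not collapse it and a traversal would otherwise
    appear to sit under a trusted prefix."""
    p = PureWindowsPath(path)
    if not p.is_absolute() or ".." in p.parts:
        return False
    return any(PureWindowsPath(t) in p.parents for t in TRUSTED_PREFIXES)


def audit(cnf_text):
    """Return one finding per loadable library: kind, name, path, trusted."""
    return [
        {"kind": kind, "name": name, "path": path, "trusted": is_trusted(path)}
        for kind, name, path in loadable_modules(parse_openssl_cnf(cnf_text))
    ]


# Constructed sample: a benign vendor-shipped configuration.
BENIGN_CNF = r"""
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
module = C:\Program Files\PDFsam Enhanced\legacy.dll
activate = 1
"""

# Constructed sample: the shape a configuration on attacker-mounted media
# would take. Drive letter and file name are placeholders.
ROGUE_CNF = r"""
openssl_conf = openssl_init
[openssl_init]
engines = engine_sect
providers = provider_sect
[engine_sect]
rogue = rogue_engine
[rogue_engine]
engine_id = rogue
# library on removable media, outside every trusted prefix
dynamic_path = D:\openssl\rogue_engine.dll
init = 1
[provider_sect]
default = default_sect
[default_sect]
activate = 1
"""

if __name__ == "__main__":
    for label, cnf in (("benign", BENIGN_CNF), ("rogue", ROGUE_CNF)):
        for f in audit(cnf):
            verdict = "trusted  " if f["trusted"] else "UNTRUSTED"
            print(f"{label:6} {verdict} {f['kind']} '{f['name']}' -> {f['path']}")
```

Run it against the file the product actually resolves (located with Process Monitor as in item 3) and against any openssl.cnf found on removable media. Anything reported as UNTRUSTED is a library the process would load from a location an attacker can control; the benign sample reports its legacy provider as trusted, the rogue sample reports its engine as untrusted.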
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: zdi
- Date Reserved: 2025-12-10T01:37:24.865Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 694b0a12d69af40f312b7da5
Added to database: 12/23/2025, 9:30:58 PM
Last enriched: 12/30/2025, 11:57:39 PM
Last updated: 2/7/2026, 3:34:07 PM