CVE-2025-14405: CWE-427: Uncontrolled Search Path Element in PDFsam Enhanced
PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows physically present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27867.
AI Analysis
Technical Summary
CVE-2025-14405 is a local privilege escalation vulnerability classified under CWE-427 (Uncontrolled Search Path Element) affecting PDFsam Enhanced version 7.0.76.15222. The vulnerability stems from the product loading its OpenSSL configuration file from an insecure and uncontrolled location, which can be manipulated by an attacker. Specifically, the software searches for the OpenSSL configuration file in a path that can be influenced by mounting a malicious drive. An attacker with physical presence on the machine can mount a crafted drive containing a malicious OpenSSL configuration file. When PDFsam Enhanced loads this configuration, it executes arbitrary code embedded within it with SYSTEM-level privileges. This allows the attacker to escalate from a limited user context to full system control without requiring user interaction. The CVSS 3.0 score is 6.6, reflecting medium severity, with attack vector as physical (AV:P), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and impacting confidentiality, integrity, and availability at a high level (C:H/I:H/A:H). No patches or known exploits are currently available, but the vulnerability was publicly disclosed on December 23, 2025. The flaw is significant because it leverages a common cryptographic library (OpenSSL) configuration loading mechanism, which is often trusted and runs with high privileges. Organizations using this version of PDFsam Enhanced in environments where physical security is limited are particularly vulnerable.
Potential Impact
For European organizations, the impact of CVE-2025-14405 can be severe in scenarios where physical access to systems is possible, such as in shared office spaces, public terminals, or poorly secured facilities. Successful exploitation leads to SYSTEM-level code execution, allowing attackers to compromise sensitive data, install persistent malware, or disrupt critical services. This can result in data breaches violating GDPR regulations, operational downtime, and reputational damage. Since PDFsam Enhanced is used for PDF manipulation, organizations handling sensitive documents (legal, financial, governmental) are at higher risk. The vulnerability's reliance on physical access limits remote exploitation but does not eliminate risk in environments with insider threats or inadequate physical controls. The lack of patches increases exposure until remediation is available. The medium severity rating indicates a significant but not critical threat, emphasizing the importance of physical security and monitoring in affected environments.
Mitigation Recommendations
1. Enforce strict physical security controls to prevent unauthorized personnel from accessing or connecting external drives to systems running PDFsam Enhanced.
2. Implement endpoint security solutions that detect and block unauthorized removable media or alert on new device mounts.
3. Restrict user permissions to prevent mounting of external drives where possible, or use device control policies to whitelist approved devices.
4. Monitor system logs for unusual activity related to drive mounting or OpenSSL configuration file access.
5. Once available, promptly apply vendor patches or updates addressing this vulnerability.
6. Consider running PDFsam Enhanced in a sandboxed or containerized environment to limit the impact of potential exploitation.
7. Educate staff about the risks of physical access attacks and enforce clean desk policies to reduce insider threats.
8. Regularly audit installed software versions to identify and upgrade vulnerable instances of PDFsam Enhanced.
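To support the audit and monitoring steps above, the following added example (not code from the vendor, ZDI, or this page's source) extracts the default directories that OpenSSL compiles into a binary and classifies each against a host's drive inventory. The sample bytes, the `X:\build\ssl` path, and the function names are constructed for illustration; the page does not state the actual path PDFsam Enhanced uses.

```python
import re
from pathlib import PureWindowsPath

# OpenSSL compiles its default directories into libcrypto as literal strings
# such as  OPENSSLDIR: "C:\Program Files\Common Files\SSL"  (the same text
# `openssl version -d` prints). openssl.cnf is read from OPENSSLDIR by default.
_DIR_RE = re.compile(rb'(OPENSSLDIR|ENGINESDIR|MODULESDIR): "([^"\x00\r\n]{1,260})"')

# Constructed sample standing in for the bytes of a bundled libcrypto DLL.
SAMPLE = (b"\x00junk\x00" + rb'OPENSSLDIR: "X:\build\ssl"' + b"\x00"
          + rb'ENGINESDIR: "C:\Program Files\Example\engines"' + b"\x00")

def embedded_openssl_dirs(blob: bytes) -> dict[str, str]:
    """Extract the compiled-in OpenSSL directories from a binary image."""
    return {m.group(1).decode(): m.group(2).decode("latin-1")
            for m in _DIR_RE.finditer(blob)}

def assess(path: str, fixed_drives: set[str], existing_dirs: set[str]) -> str:
    """Classify one directory against the host's drive and folder inventory."""
    p = PureWindowsPath(path)
    if not p.drive:
        # e.g. /usr/local/ssl: Windows resolves it against the current drive root
        return "no-drive-letter"
    if p.drive.upper() not in fixed_drives:
        # Not on a fixed local disk: whoever supplies that volume supplies
        # openssl.cnf, which is the pattern this advisory describes.
        return "drive-not-fixed"
    if str(p).lower() not in existing_dirs:
        return "missing-directory"   # check who is allowed to create it
    return "present-check-acl"       # exists: confirm only admins can write

def audit(blob: bytes, fixed_drives: set[str], existing_dirs: set[str]) -> dict[str, str]:
    """Map each embedded directory name to its classification."""
    return {name: assess(path, fixed_drives, existing_dirs)
            for name, path in embedded_openssl_dirs(blob).items()}
```

On a real host, pass the bytes of each DLL or EXE in the install directory, the set of fixed drive letters (for example `{"C:"}`), and the lowercased directories that exist; any result other than `present-check-acl` warrants follow-up.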
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: zdi
- Date Reserved: 2025-12-10T01:37:24.865Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 694b0a12d69af40f312b7da5
Added to database: 12/23/2025, 9:30:58 PM
Last enriched: 12/23/2025, 10:05:06 PM
Last updated: 12/24/2025, 3:23:37 AM