CVE-2025-15569 is a vulnerability identified in the Artifex MuPDF library, specifically affecting versions 1.26.0 and 1.26.1 on Windows platforms. The issue resides in the get_system_dpi function located in platform/x11/win_main.c, where an uncontrolled search path allows an attacker with local access to influence which files or libraries are loaded or executed. This vulnerability arises from improper handling of system DPI retrieval, leading to potential path manipulation. The attack complexity is high, meaning exploitation requires significant skill or conditions, and no user interaction is needed. The vulnerability does not require elevated privileges but does require local access, limiting remote exploitation. The CVSS 4.0 score is 7.3 (high severity), reflecting the potential for significant confidentiality, integrity, and availability impacts if exploited. The vendor has released version 1.26.2 with a patch (commit ebb125334eb007d64e579204af3c264aadf2e244) that corrects the search path handling, effectively mitigating the vulnerability. No known exploits have been reported in the wild, but the flaw could be leveraged for local privilege escalation or code execution if an attacker gains access to a vulnerable system.

If exploited, this vulnerability could allow a local attacker to execute arbitrary code or escalate privileges by manipulating the search path used by the MuPDF application. This could lead to unauthorized access to sensitive information, modification or corruption of data, or disruption of service. Organizations relying on MuPDF for document rendering or processing on Windows systems may face risks of local compromise, particularly in environments where multiple users share systems or where local access controls are weak. Although remote exploitation is not feasible, insider threats or attackers with initial footholds could leverage this vulnerability to deepen access. The high complexity and lack of known exploits reduce immediate risk, but the potential impact on confidentiality, integrity, and availability remains significant, especially in sensitive or high-security environments.

To mitigate this vulnerability, organizations should immediately upgrade all affected MuPDF instances to version 1.26.2 or later, which contains the official patch correcting the uncontrolled search path issue. Additionally, enforce strict local access controls and user permissions to limit who can execute or interact with MuPDF binaries. Implement application whitelisting to prevent unauthorized code execution and monitor systems for unusual local activity that could indicate exploitation attempts. Regularly audit and harden the environment to reduce the risk of local privilege escalation. Where possible, isolate MuPDF usage to trusted environments and consider employing endpoint detection and response (EDR) tools to detect suspicious behaviors related to DLL or path manipulation. Finally, maintain up-to-date inventories of software versions to ensure timely patch management.