CVE-2025-15569 is a vulnerability identified in the Artifex MuPDF software, specifically affecting versions 1.26.0 and 1.26.1 on Windows platforms. The flaw resides in the get_system_dpi function within the file platform/x11/win_main.c, where an uncontrolled search path issue exists. This vulnerability allows an attacker with local access and limited privileges to manipulate the search path used by the application, potentially causing the program to load malicious code or libraries. The attack complexity is high, meaning exploitation requires significant skill and conditions, and no user interaction is needed. The vulnerability impacts confidentiality, integrity, and availability, as it could allow privilege escalation or arbitrary code execution if exploited successfully. The CVSS 4.0 base score is 7.3, reflecting a high severity level. The vendor has addressed the issue in version 1.26.2, and upgrading to this version is the recommended remediation. There are no known exploits in the wild at the time of publication, but the vulnerability's presence in a widely used PDF rendering library makes it a concern for organizations relying on MuPDF for document processing on Windows systems.

For European organizations, this vulnerability poses a risk primarily to systems running MuPDF on Windows, which may be used in document processing, viewing, or embedded in other applications. Successful exploitation could lead to local privilege escalation or execution of arbitrary code, compromising system integrity and potentially leading to data breaches or disruption of services. Sectors such as finance, government, legal, and software development, which frequently handle sensitive documents and may use MuPDF, are at higher risk. The high attack complexity and requirement for local access reduce the likelihood of widespread exploitation, but insider threats or compromised endpoints could leverage this flaw. The impact on confidentiality, integrity, and availability is significant if exploited, potentially leading to unauthorized data access, system manipulation, or denial of service.

European organizations should immediately verify if MuPDF versions 1.26.0 or 1.26.1 are deployed on Windows systems and prioritize upgrading to version 1.26.2 or later. Beyond patching, organizations should enforce strict local access controls and monitor for unusual activity on endpoints running MuPDF. Implement application whitelisting to prevent unauthorized code execution and use endpoint detection and response (EDR) tools to detect attempts to exploit local vulnerabilities. Regularly audit installed software versions and maintain an up-to-date inventory of applications. Educate users about the risks of local privilege escalation vulnerabilities and enforce the principle of least privilege to minimize potential damage from compromised accounts. Additionally, consider isolating systems that process sensitive documents to reduce exposure.