
CVE-2025-57810: CWE-20: Improper Input Validation in parallax jsPDF

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-57810, cwe-20, cwe-770
Published: Tue Aug 26 2025 (08/26/2025, 15:37:28 UTC)
Source: CVE Database V5
Vendor/Project: parallax
Product: jsPDF

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.

AI-Powered Analysis

Last updated: 08/26/2025, 16:02:47 UTC

Technical Analysis

CVE-2025-57810 is a high-severity vulnerability affecting versions of the parallax jsPDF library prior to 3.0.2. jsPDF is a widely used JavaScript library that enables client-side generation of PDF documents. The vulnerability arises from improper input validation (CWE-20) in the addImage method, specifically concerning the first argument which accepts image data or URLs. An attacker who can supply unsanitized image data, particularly a crafted PNG file, can trigger excessive CPU utilization leading to denial of service (DoS) conditions. This is due to the library's failure to properly validate or sanitize the input before processing it, allowing resource exhaustion attacks. The vulnerability does not require any authentication or user interaction, and can be exploited remotely over the network (AV:N), making it highly accessible to attackers. The CVSS 4.0 base score is 8.7, reflecting the high impact on availability (VA:H) with no required privileges or user interaction. The flaw was addressed and fixed in jsPDF version 3.0.2. No known exploits are currently reported in the wild, but the ease of exploitation and the critical impact on availability make this a significant threat to applications relying on vulnerable versions of jsPDF for PDF generation.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for web applications and services that utilize jsPDF for dynamic PDF generation, such as invoicing systems, reporting tools, or document management platforms. An attacker could exploit this vulnerability to cause denial of service by sending malicious image data, potentially disrupting business operations, degrading user experience, and causing service outages. This could lead to financial losses, reputational damage, and compliance issues, particularly under regulations like GDPR where service availability and data integrity are critical. Organizations in sectors such as finance, healthcare, government, and e-commerce that rely heavily on PDF generation for document workflows are particularly at risk. Additionally, since exploitation does not require authentication or user interaction, any exposed web interface using vulnerable jsPDF versions is susceptible to automated attacks or mass exploitation attempts.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately upgrade all instances of jsPDF to version 3.0.2 or later, where the input validation flaw has been fixed. Beyond patching, developers should implement strict input validation and sanitization on any user-supplied data passed to the addImage method, including verifying image formats and sizes before processing. Employing Web Application Firewalls (WAFs) with rules to detect and block anomalous or malformed image payloads can provide an additional layer of defense. Monitoring CPU utilization and application performance metrics can help detect early signs of exploitation attempts. It is also advisable to conduct code audits and dependency scans regularly to identify and remediate vulnerable library versions. For critical systems, consider isolating PDF generation processes or running them with limited resource quotas to minimize the impact of potential DoS attacks.
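One way to implement the format and size checks recommended above, as an added example that is not jsPDF's code and not the 3.0.2 fix: a structural pre-check that untrusted PNG bytes must pass before they reach addImage. The names checkPng and samplePng and the LIMITS values are assumptions made for illustration; the page does not describe what makes the PNG harmful, so this check sits alongside the upgrade and does not stand in for it.

```javascript
// Added example: structural pre-check for untrusted PNG bytes before doc.addImage().
// LIMITS values are assumptions; tune them to what the application actually needs.
const LIMITS = { maxBytes: 5 * 1024 * 1024, maxDim: 4096, maxPixels: 8_000_000, maxChunks: 1024 };
const PNG_SIG = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
// Bit depths the PNG specification allows for each colour type.
const DEPTHS = { 0: [1, 2, 4, 8, 16], 2: [8, 16], 3: [1, 2, 4, 8], 4: [8, 16], 6: [8, 16] };

function checkPng(bytes, limits = LIMITS) {
  const fail = (reason) => ({ ok: false, reason });
  if (!(bytes instanceof Uint8Array)) return fail("not a byte array");
  if (bytes.length > limits.maxBytes) return fail("file too large");
  if (bytes.length < 8 + 25 + 12) return fail("too short for signature, IHDR and IEND");
  if (!PNG_SIG.every((b, i) => bytes[i] === b)) return fail("bad PNG signature");
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const type = (off) => String.fromCharCode(...bytes.subarray(off, off + 4));
  // IHDR must be the first chunk and exactly 13 bytes long.
  if (view.getUint32(8) !== 13 || type(12) !== "IHDR") return fail("missing or malformed IHDR");
  const width = view.getUint32(16), height = view.getUint32(20);
  if (width === 0 || height === 0) return fail("zero dimension");
  if (width > limits.maxDim || height > limits.maxDim) return fail("dimension over limit");
  if (width * height > limits.maxPixels) return fail("pixel count over limit");
  const depth = bytes[24], colour = bytes[25];
  if (!(DEPTHS[colour] || []).includes(depth)) return fail("invalid colour type / bit depth");
  if (bytes[26] !== 0 || bytes[27] !== 0 || bytes[28] > 1) return fail("invalid IHDR method fields");
  // Walk the chunk list: every declared length must fit, and IEND must close the file.
  let off = 8, chunks = 0;
  while (off + 12 <= bytes.length) {
    if (++chunks > limits.maxChunks) return fail("too many chunks");
    const len = view.getUint32(off);
    if (off + 12 + len > bytes.length) return fail("chunk length runs past end of file");
    if (type(off + 4) === "IEND") {
      return off + 12 + len === bytes.length ? { ok: true, width, height } : fail("data after IEND");
    }
    off += 12 + len;
  }
  return fail("no IEND chunk");
}

// Constructed sample: signature + IHDR + empty IDAT + IEND (CRCs zeroed; not checked above).
function samplePng(width, height) {
  const u32 = (n) => [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255];
  const chunk = (name, data) => [...u32(data.length), ...[...name].map((c) => c.charCodeAt(0)), ...data, 0, 0, 0, 0];
  const ihdr = [...u32(width), ...u32(height), 8, 6, 0, 0, 0];
  return Uint8Array.from([...PNG_SIG, ...chunk("IHDR", ihdr), ...chunk("IDAT", []), ...chunk("IEND", [])]);
}

// Typical call site: only hand the bytes to jsPDF when the check passes.
// if (checkPng(bytes).ok) doc.addImage(bytes, "PNG", x, y, w, h);
```

The check reads only headers and chunk lengths, so its own cost is bounded by maxChunks regardless of what the file claims about its contents.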


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-20T14:30:35.010Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68add723ad5a09ad005974f3

Added to database: 8/26/2025, 3:47:47 PM

Last enriched: 8/26/2025, 4:02:47 PM

Last updated: 8/26/2025, 4:32:42 PM
