
CVE-2025-63917: n/a

Severity: Unknown
Published: Mon Nov 17 2025 (11/17/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

PDFPatcher through 1.1.3.4663 does not restrict XML external entity (XXE) references in the executable's XML bookmark import functionality. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to read arbitrary files from the victim's filesystem, exfiltrate sensitive data via out-of-band (OOB) HTTP requests, perform SSRF attacks against internal network resources, or cause a denial of service via entity expansion attacks.

AI-Powered Analysis

Last updated: 11/17/2025, 16:38:25 UTC

Technical Analysis

CVE-2025-63917 identifies a critical XML External Entity (XXE) vulnerability in PDFPatcher, a PDF processing tool, affecting versions up to 1.1.3.4663. The vulnerability arises because the application's XML bookmark import functionality uses the .NET XmlDocument class without disabling the resolution of external entities. This misconfiguration lets an attacker supply a bookmark file whose XML declares external entities. When the file is imported, resolving those entities can cause the application to read arbitrary files from the victim's filesystem and place their contents into the parsed document, exposing sensitive data. Entities that reference an attacker-controlled URL cause the application to issue out-of-band (OOB) HTTP requests, which can carry that data off the host covertly. The same mechanism enables Server-Side Request Forgery (SSRF): the application can be made to send requests to internal network resources that are not reachable from outside. Finally, recursive entity definitions (the "billion laughs" entity expansion attack) can exhaust memory and CPU and crash the application, a denial of service (DoS). Exploitation requires no authentication and no user interaction beyond importing a crafted XML bookmark file, which raises the risk. Although no exploits are currently reported in the wild, the low technical difficulty and the broad impact on confidentiality, integrity, and availability make this a significant threat. No CVSS score has been assigned, so severity must be assessed manually. The vulnerability affects organizations that use PDFPatcher for PDF manipulation, particularly those processing bookmark files from untrusted or external sources.

Potential Impact

For European organizations, this vulnerability poses a substantial risk to the confidentiality and availability of sensitive information. Attackers exploiting the XXE flaw can read confidential files, including intellectual property, personal data protected under GDPR, or internal configuration files, leading to data breaches and regulatory penalties. The SSRF capability can be used to pivot into internal networks, potentially compromising internal services or critical infrastructure. Denial of service attacks can disrupt business operations, causing service unavailability and operational downtime. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely on PDFPatcher for document processing are particularly exposed. Because exfiltration can occur over OOB channels, detection and response are harder. Given the widespread use of .NET applications in Europe and the reliance on PDF tooling, the vulnerability could have a broad impact if exploited at scale.

Mitigation Recommendations

Immediate mitigation involves disabling external entity resolution in the XML parser used by PDFPatcher. Developers or administrators should configure the .NET XmlDocument class so that DTD processing is prohibited and external entities are never resolved, by setting XmlResolver to null and loading the document through an XmlReader whose settings prohibit DTDs. Until an official patch is released, organizations should avoid importing XML bookmarks from untrusted sources, or apply strict input validation and sandbox the import process. Network-level controls such as egress filtering can prevent OOB data exfiltration and SSRF by restricting outbound HTTP requests from the application environment. Monitoring for unusual outbound traffic and anomaly detection can support early detection of exploitation attempts. Once a patch or updated version of PDFPatcher is available, organizations should apply it promptly. Security awareness training for users who handle PDF imports and regular review of application logs for suspicious activity are also recommended.
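The following C# program is an added example (not PDFPatcher's code) showing the hardened XmlDocument configuration described above beside the unsafe pattern the CVE describes. The bookmark XML structure, the `LoadHardened`/`LoadUnsafe` names and the `file:///PLACEHOLDER/...` URI are assumptions constructed for the demonstration; the hardened loader rejects any `<!DOCTYPE>` outright, so external entities and entity-expansion bombs are never processed.

```csharp
using System;
using System.IO;
using System.Xml;

public static class BookmarkImport
{
    // Hardened loader: DTDs are prohibited and no resolver is ever consulted,
    // so external entities (file://, http://) and entity expansion cannot occur.
    public static XmlDocument LoadHardened(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // any <!DOCTYPE> raises XmlException
            XmlResolver = null                      // never fetch external resources
        };
        var doc = new XmlDocument { XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            doc.Load(reader);
        }
        return doc;
    }

    // The pattern the CVE describes: an XmlDocument that keeps a URL resolver
    // and parses DTDs. Shown for contrast only; do not use this in an importer.
    public static XmlDocument LoadUnsafe(string xml)
    {
        var doc = new XmlDocument { XmlResolver = new XmlUrlResolver() };
        doc.LoadXml(xml);
        return doc;
    }

    public static void Main()
    {
        // Constructed sample inputs: a benign bookmark file and one carrying a DTD
        // with an external entity (placeholder path, not a real target).
        const string clean =
            "<bookmarks><bookmark title=\"Intro\" page=\"1\"/></bookmarks>";
        const string withDtd =
            "<?xml version=\"1.0\"?>\n" +
            "<!DOCTYPE bookmarks [<!ENTITY ext SYSTEM \"file:///PLACEHOLDER/path\">]>\n" +
            "<bookmarks><bookmark title=\"&ext;\" page=\"1\"/></bookmarks>";

        XmlDocument ok = LoadHardened(clean);
        Console.WriteLine("clean import: {0} bookmark(s)", ok.DocumentElement.ChildNodes.Count);

        try
        {
            LoadHardened(withDtd);
            Console.WriteLine("unexpected: DOCTYPE was accepted");
        }
        catch (XmlException ex)
        {
            // Expected path: the hardened reader refuses the DTD before any entity is resolved.
            Console.WriteLine("rejected DOCTYPE: {0}", ex.Message);
        }
    }
}
```

Prohibiting DTDs is the right default for a bookmark importer because legitimate bookmark files have no need for them; it closes all four impacts on this page (file read, OOB exfiltration, SSRF, entity expansion) in one setting, whereas setting `XmlResolver = null` alone still leaves internal entity expansion possible.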


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-10-27T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 691b4e4fb1dcb1316b01656b

Added to database: 11/17/2025, 4:33:19 PM

Last enriched: 11/17/2025, 4:38:25 PM

Last updated: 11/17/2025, 5:46:15 PM

