CVE-2025-64512: CWE-502: Deserialization of Untrusted Data in pdfminer pdfminer.six
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the `cmap/` directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in `.pickle.gz`. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed. Version 20251107 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-64512 is a deserialization vulnerability classified under CWE-502 affecting pdfminer.six, a widely used Python library for extracting information from PDF documents. The vulnerability exists in the CMapDB._load_data() function, which deserializes data using Python's pickle.loads() method. Normally, pdfminer.six loads trusted pickle files from its internal cmap/ directory. However, a malicious PDF can specify an alternative directory and filename ending with .pickle.gz, causing pdfminer.six to load and decompress a malicious zipped pickle file. Since pickle deserialization can execute arbitrary code, this leads to remote code execution when the PDF is processed. The vulnerability requires no privileges but does require user interaction to open or process the malicious PDF. The scope is broad as any system using vulnerable pdfminer.six versions (< 20251107) to parse PDFs is at risk. The CVSS 3.1 score of 8.6 reflects high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction. No known exploits are currently reported in the wild, but the vulnerability is critical due to the nature of pickle deserialization and the common use of pdfminer.six in automated PDF workflows.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially to sectors relying heavily on automated PDF processing such as finance, legal, government, and software development. Exploitation can lead to arbitrary code execution on systems processing malicious PDFs, potentially resulting in data breaches, system compromise, lateral movement within networks, and disruption of critical services. Confidential information extracted or stored by these systems could be exposed or altered, impacting compliance with GDPR and other data protection regulations. The availability of affected systems could also be compromised, affecting business continuity. Since pdfminer.six is often integrated into larger applications or pipelines, the attack surface extends beyond standalone usage, increasing the risk of supply chain or third-party software compromise. The requirement for user interaction (opening or processing a malicious PDF) means phishing or social engineering could be used to deliver the exploit.
Mitigation Recommendations
1. Upgrade all instances of pdfminer.six to version 20251107 or later, which contains the fix preventing untrusted pickle deserialization. 2. Implement strict input validation and restrict PDF processing to trusted sources only, minimizing exposure to malicious PDFs. 3. Employ sandboxing or containerization for PDF processing workflows to isolate potential code execution from critical systems. 4. Monitor and log PDF processing activities to detect anomalous behavior indicative of exploitation attempts. 5. Educate users about the risks of opening PDFs from untrusted or unknown sources to reduce the likelihood of social engineering attacks. 6. Review and audit any custom code or third-party tools that integrate pdfminer.six to ensure they do not override safe defaults or introduce insecure configurations. 7. Consider disabling or replacing pickle-based deserialization in custom workflows with safer alternatives if feasible.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
CVE-2025-64512: CWE-502: Deserialization of Untrusted Data in pdfminer pdfminer.six
Description
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the `cmap/` directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in `.pickle.gz`. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed. Version 20251107 fixes the issue.
AI-Powered Analysis
Technical Analysis
CVE-2025-64512 is a deserialization vulnerability classified under CWE-502 affecting pdfminer.six, a widely used Python library for extracting information from PDF documents. The vulnerability exists in the CMapDB._load_data() function, which deserializes data using Python's pickle.loads() method. Normally, pdfminer.six loads trusted pickle files from its internal cmap/ directory. However, a malicious PDF can specify an alternative directory and filename ending with .pickle.gz, causing pdfminer.six to load and decompress a malicious zipped pickle file. Since pickle deserialization can execute arbitrary code, this leads to remote code execution when the PDF is processed. The vulnerability requires no privileges but does require user interaction to open or process the malicious PDF. The scope is broad as any system using vulnerable pdfminer.six versions (< 20251107) to parse PDFs is at risk. The CVSS 3.1 score of 8.6 reflects high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction. No known exploits are currently reported in the wild, but the vulnerability is critical due to the nature of pickle deserialization and the common use of pdfminer.six in automated PDF workflows.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially to sectors relying heavily on automated PDF processing such as finance, legal, government, and software development. Exploitation can lead to arbitrary code execution on systems processing malicious PDFs, potentially resulting in data breaches, system compromise, lateral movement within networks, and disruption of critical services. Confidential information extracted or stored by these systems could be exposed or altered, impacting compliance with GDPR and other data protection regulations. The availability of affected systems could also be compromised, affecting business continuity. Since pdfminer.six is often integrated into larger applications or pipelines, the attack surface extends beyond standalone usage, increasing the risk of supply chain or third-party software compromise. The requirement for user interaction (opening or processing a malicious PDF) means phishing or social engineering could be used to deliver the exploit.
Mitigation Recommendations
1. Upgrade all instances of pdfminer.six to version 20251107 or later, which contains the fix preventing untrusted pickle deserialization. 2. Implement strict input validation and restrict PDF processing to trusted sources only, minimizing exposure to malicious PDFs. 3. Employ sandboxing or containerization for PDF processing workflows to isolate potential code execution from critical systems. 4. Monitor and log PDF processing activities to detect anomalous behavior indicative of exploitation attempts. 5. Educate users about the risks of opening PDFs from untrusted or unknown sources to reduce the likelihood of social engineering attacks. 6. Review and audit any custom code or third-party tools that integrate pdfminer.six to ensure they do not override safe defaults or introduce insecure configurations. 7. Consider disabling or replacing pickle-based deserialization in custom workflows with safer alternatives if feasible.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-11-05T21:15:39.399Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6912626244f28dbfe990a14d
Added to database: 11/10/2025, 10:08:34 PM
Last enriched: 1/9/2026, 10:36:18 AM
Last updated: 2/6/2026, 10:16:11 PM
Views: 189
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-2069: Stack-based Buffer Overflow in ggml-org llama.cpp
MediumCVE-2026-25764: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in opf openproject
LowCVE-2026-25763: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in opf openproject
CriticalCVE-2026-2068: Buffer Overflow in UTT 进取 520W
HighCVE-2026-25760: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in BishopFox sliver
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.