
CVE-2025-66019: CWE-400: Uncontrolled Resource Consumption in py-pdf pypdf

Severity: Medium
Tags: Vulnerability, CVE-2025-66019, cve, cwe-400, cwe-409
Published: Tue Nov 25 2025 (11/25/2025, 23:38:12 UTC)
Source: CVE Database V5
Vendor/Project: py-pdf
Product: pypdf

Description

pypdf is a free and open-source pure-Python PDF library. Prior to version 6.4.0, an attacker can craft a PDF that causes memory usage of up to 1 GB per stream. Triggering it requires parsing the content stream of a page that uses the LZWDecode filter. This issue has been patched in version 6.4.0.

AI-Powered Analysis

AI analysis last updated: 11/26/2025, 00:01:16 UTC

Technical Analysis

CVE-2025-66019 is an uncontrolled resource consumption vulnerability (CWE-400) in the pypdf library, a pure-Python open-source PDF manipulation tool widely used for reading and modifying PDF files. The flaw exists in versions prior to 6.4.0 and is triggered when parsing PDF content streams that use the LZWDecode filter. An attacker can craft a PDF whose content streams cause the parser to consume excessive memory, up to approximately 1 GB per stream, because of inefficient handling of LZWDecode decompression. This can produce a denial of service by exhausting system memory, crashing the affected application or degrading its performance. Exploitation requires no privileges, authentication, or user interaction: any service that parses an attacker-supplied PDF with a vulnerable pypdf version is exposed. Although no exploits are currently known in the wild, the vulnerability poses a significant risk to any system that automatically processes untrusted PDFs. The issue was fixed in pypdf version 6.4.0 by improving resource management during LZWDecode stream parsing.

Potential Impact

For European organizations, the impact primarily involves denial of service scenarios where critical PDF processing applications or services become unresponsive or crash due to memory exhaustion. Industries such as finance, legal, government, and publishing that rely heavily on automated PDF workflows are at risk of operational disruption. Memory exhaustion can also lead to cascading failures in multi-tenant environments or cloud services, affecting availability and potentially causing downtime. Confidentiality and integrity are less directly impacted, but availability degradation can hinder business continuity and service delivery. Organizations using older versions of pypdf in document ingestion pipelines, content management systems, or automated report generation tools are particularly vulnerable. The absence of required authentication or user interaction increases the risk of exploitation from external sources, including malicious email attachments or web uploads.

Mitigation Recommendations

The primary mitigation is to upgrade all instances of pypdf to version 6.4.0 or later, where the vulnerability has been patched. Organizations should audit their software dependencies to identify any usage of vulnerable pypdf versions, including indirect dependencies in larger applications. Implement input validation and sandboxing for PDF processing workflows to limit resource consumption and isolate failures. Deploy resource limits (memory quotas) on processes handling PDF parsing to prevent system-wide impact. Monitor application logs and system metrics for unusual memory spikes during PDF processing. Consider employing runtime application self-protection (RASP) or endpoint detection tools to detect anomalous behavior related to PDF parsing. Educate developers and system administrators about the risks of processing untrusted PDFs and enforce strict file source validation policies. Finally, maintain an up-to-date inventory of third-party libraries and apply security patches promptly.
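Two of the recommendations above, gating on the fixed version and running the parser under a memory quota, as an added Python example that is not part of the advisory or of pypdf itself. It assumes Linux (where RLIMIT_AS is enforced), and the parser callables and the sample bytes are constructed stand-ins; a real pipeline would pass a function that calls pypdf page extraction.

```python
import multiprocessing
import resource

FIXED_VERSION = (6, 4, 0)  # first pypdf release carrying the fix, per the advisory

# Constructed stand-in for an untrusted upload; not a real PDF.
SAMPLE_PDF_BYTES = b"%PDF-1.4\n1 0 obj << /Filter /LZWDecode >> stream\n...\nendstream\n"


def is_patched_pypdf(version: str) -> bool:
    """True when a pypdf version string (e.g. pypdf.__version__) is 6.4.0 or later."""
    parts = []
    for piece in version.split(".")[:3]:
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    parts += [0] * (3 - len(parts))
    return tuple(parts) >= FIXED_VERSION


def _capped_worker(func, data, max_bytes, conn):
    """Child entry point: cap the address space, then run the parser callable."""
    resource.setrlimit(resource.RLIMIT_AS, (max_bytes, max_bytes))
    try:
        conn.send(("ok", func(data)))
    except MemoryError:  # the quota, not the host, absorbs a runaway stream
        conn.send(("memory_limit_hit", None))
    except Exception as exc:
        conn.send(("error", repr(exc)))
    finally:
        conn.close()


def run_with_memory_cap(func, data, max_bytes, timeout=30.0):
    """Run func(data) in a forked child limited to max_bytes of address space.
    Returns (status, result); status is 'ok', 'memory_limit_hit', 'error' or 'timeout'."""
    ctx = multiprocessing.get_context("fork")  # assumption: Linux host
    parent_conn, child_conn = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_capped_worker, args=(func, data, max_bytes, child_conn))
    proc.start()
    child_conn.close()
    status, result = parent_conn.recv() if parent_conn.poll(timeout) else ("timeout", None)
    proc.join(timeout=5)
    if proc.is_alive():
        proc.kill()
        proc.join()
    return status, result


def benign_parser(data: bytes) -> int:
    """Constructed well-behaved parser: counts LZWDecode filter declarations."""
    return data.count(b"/LZWDecode")


def hungry_parser(data: bytes) -> int:
    """Constructed stand-in for the pre-6.4.0 failure mode: a ~2 GB decode buffer."""
    return len(bytearray(2 << 30))
```

With a 512 MB cap the hungry parser fails inside the child with a clean `memory_limit_hit` status while the host process is unaffected, which is the isolation the memory-quota recommendation is after.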


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-11-21T01:08:02.613Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 69263fd05765e822eef9c745

Added to database: 11/25/2025, 11:46:24 PM

Last enriched: 11/26/2025, 12:01:16 AM

Last updated: 11/26/2025, 12:51:12 AM

