
CVE-2025-66019: CWE-400: Uncontrolled Resource Consumption in py-pdf pypdf

Severity: Medium
Tags: Vulnerability, CVE-2025-66019, CWE-400, CWE-409
Published: Tue Nov 25 2025 (11/25/2025, 23:38:12 UTC)
Source: CVE Database V5
Vendor/Project: py-pdf
Product: pypdf

Description

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patched in version 6.4.0.

AI-Powered Analysis

Last updated: 01/20/2026, 19:09:50 UTC

Technical Analysis

CVE-2025-66019 is a vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-409 (Improper Handling of Highly Compressed Data, i.e. data amplification), affecting the pypdf library, a widely used pure-Python PDF processing tool. The flaw exists in versions prior to 6.4.0 and is triggered when parsing PDF content streams that use the LZWDecode filter. An attacker can craft a malicious PDF file that causes the parser to consume excessive memory (up to approximately 1 GB per stream), leading to potential denial of service (DoS) by exhausting system resources. The vulnerability does not require any privileges, authentication, or user interaction, so any service that parses attacker-supplied PDFs is exposed simply by processing the file. The excessive memory usage stems from inadequate handling and validation of the LZWDecode filter data during parsing, causing the parser to allocate large amounts of memory unnecessarily. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk to applications that automatically process or render untrusted PDFs using vulnerable pypdf versions. The issue has been addressed in pypdf version 6.4.0, which includes fixes to properly limit resource consumption during LZWDecode stream parsing. The CVSS v4.0 base score is 6.6, reflecting a medium severity level due to the potential for DoS without requiring privileges or user interaction.

Potential Impact

For European organizations, the primary impact of CVE-2025-66019 is the risk of denial of service through resource exhaustion when processing malicious PDFs. This can disrupt business operations, especially for sectors relying heavily on automated document processing, such as finance, legal, healthcare, and government services. Memory exhaustion can lead to application crashes, degraded performance, or system instability, potentially causing downtime and loss of productivity. Organizations that integrate pypdf into web services, document management systems, or automated workflows that handle untrusted PDFs are particularly vulnerable. Additionally, if exploited in a multi-tenant environment or cloud service, this vulnerability could affect multiple customers or services simultaneously. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact can be significant. The absence of known exploits reduces immediate risk, but the ease of exploitation and lack of required authentication make timely patching critical.

Mitigation Recommendations

1. Upgrade all instances of pypdf to version 6.4.0 or later immediately to incorporate the patch addressing this vulnerability.
2. Implement strict input validation and sandboxing for PDF processing components to isolate and limit resource usage.
3. Enforce memory and CPU usage limits on processes handling PDF parsing, using containerization or operating system-level controls.
4. Monitor application logs and system metrics for unusual memory spikes or crashes related to PDF processing.
5. Where feasible, restrict or sanitize PDFs from untrusted sources before processing.
6. Conduct regular security assessments and code reviews of custom integrations using pypdf to ensure no vulnerable versions are in use.
7. Educate developers and system administrators about the risks of processing untrusted PDFs and the importance of timely updates.
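The following is an added example (not code from the pypdf project or from this advisory) that puts recommendations 1 and 3 into practice for the resource-exhaustion behaviour described in the technical analysis: a version gate that flags installs older than 6.4.0, and a wrapper that runs the parse step in a forked child process with an address-space limit (RLIMIT_AS) so a stream that tries to allocate about 1 GB costs one child process rather than the whole service. It does not import pypdf; `fake_decode` is a constructed stand-in for the decode step and simply allocates the number of bytes it is asked for. It assumes a POSIX host, since it relies on the `resource` module and the fork start method.

```python
"""Defensive helpers for CVE-2025-66019 (pypdf LZWDecode memory exhaustion).

Added example, not pypdf code. `fake_decode` is a constructed stand-in for
the LZW decode step. POSIX only (uses `resource` and the fork start method).
"""
import multiprocessing as mp
import re
import resource

# First fixed release named in the advisory.
PATCHED_VERSION = (6, 4, 0)
# The advisory reports up to ~1 GB per stream; cap the parser at that size.
DEFAULT_MAX_BYTES = 1 << 30


def parse_version(version: str) -> tuple:
    """Leading numeric components of a version string as a tuple.
    '6.4.0' -> (6, 4, 0); a pre-release suffix such as '6.4.0rc1' is ignored."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_vulnerable(installed: str) -> bool:
    """True if the installed pypdf predates the 6.4.0 fix (recommendation 1)."""
    return parse_version(installed) < PATCHED_VERSION


def _capped_worker(func, args, max_bytes, conn):
    """Child side: apply an address-space limit, then run func(*args)."""
    _soft, hard = resource.getrlimit(resource.RLIMIT_AS)
    if hard != resource.RLIM_INFINITY:
        max_bytes = min(max_bytes, hard)  # cannot raise above the hard limit
    resource.setrlimit(resource.RLIMIT_AS, (max_bytes, max_bytes))
    try:
        conn.send(("ok", func(*args)))
    except MemoryError:  # the over-sized allocation was refused by the kernel
        conn.send(("memory_error", None))
    except Exception as exc:  # any other parser failure
        conn.send(("error", repr(exc)))
    finally:
        conn.close()


def run_with_memory_cap(func, args=(), max_bytes=DEFAULT_MAX_BYTES, timeout=30.0):
    """Run func(*args) in a forked child with RLIMIT_AS = max_bytes (recommendation 3).

    Returns (status, payload) where status is 'ok', 'memory_error', 'error',
    'timeout' or 'crashed'. The parent process never allocates the stream itself.
    """
    ctx = mp.get_context("fork")  # fork: func need not be picklable
    parent_conn, child_conn = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_capped_worker, args=(func, args, max_bytes, child_conn))
    proc.start()
    child_conn.close()  # parent keeps only the read end
    try:
        if parent_conn.poll(timeout):
            status, payload = parent_conn.recv()
        else:
            status, payload = "timeout", None
    except EOFError:  # child died (e.g. was killed) before reporting
        status, payload = "crashed", None
    finally:
        parent_conn.close()
    proc.join(1.0)
    if proc.is_alive():
        proc.terminate()
        proc.join()
    return status, payload


def fake_decode(n_bytes: int) -> int:
    """Constructed stand-in for a decode step whose output is n_bytes long."""
    buf = bytearray(n_bytes)
    return len(buf)


if __name__ == "__main__":
    print("6.3.2 vulnerable:", is_vulnerable("6.3.2"))
    print("benign stream:", run_with_memory_cap(fake_decode, (1 << 20,)))
    print("hostile stream:", run_with_memory_cap(fake_decode, (4 << 30,)))
```

In a real deployment the argument to `run_with_memory_cap` would be the function that opens the PDF and extracts page content, and the cap would be chosen from the largest legitimate document the service expects rather than the 1 GB figure from the advisory; a `memory_error` or `timeout` status is the signal worth logging and alerting on under recommendation 4.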


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-11-21T01:08:02.613Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 69263fd05765e822eef9c745

Added to database: 11/25/2025, 11:46:24 PM

Last enriched: 1/20/2026, 7:09:50 PM

Last updated: 2/7/2026, 5:03:12 PM
