CVE-2025-66019 is a vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-409, affecting the py-pdf pypdf library, a widely used pure-Python PDF processing tool. Versions prior to 6.4.0 are vulnerable to an attack where an adversary crafts a malicious PDF file containing content streams encoded with the LZWDecode filter. When such a PDF is parsed, the decompression of these streams can cause excessive memory allocation, reaching up to 1 GB per stream, which can overwhelm the host system's resources. This uncontrolled memory consumption can lead to denial of service (DoS) conditions, potentially crashing or severely degrading the performance of applications relying on pypdf for PDF parsing or manipulation. The vulnerability is remotely exploitable without requiring any authentication or user interaction, as it is triggered simply by processing the malicious PDF. The issue was identified and patched in pypdf version 6.4.0. The CVSS 4.0 base score is 6.6 (medium severity), reflecting the network attack vector, low attack complexity, no privileges or user interaction needed, and a high impact on availability. No known exploits have been reported in the wild, but the vulnerability poses a risk to any system that automatically processes untrusted PDFs using vulnerable pypdf versions.

For European organizations, this vulnerability can lead to denial of service attacks against systems that parse PDFs using vulnerable pypdf versions. This includes document management systems, automated PDF processing pipelines, web applications accepting PDF uploads, and any internal tools relying on pypdf. The high memory consumption can cause application crashes, degraded performance, or even system instability, impacting business continuity and service availability. Organizations handling large volumes of PDFs or those exposed to external PDF submissions are particularly at risk. The confidentiality and integrity of data are not directly impacted, but availability disruptions can affect operational workflows and customer-facing services. Given the widespread use of Python and open-source libraries in Europe, especially in sectors like finance, government, and publishing, the threat is relevant. The lack of authentication or user interaction requirements makes exploitation easier, increasing the risk of opportunistic attacks. However, the absence of known exploits in the wild suggests the threat is currently moderate but warrants proactive mitigation.

The primary mitigation is to upgrade all instances of pypdf to version 6.4.0 or later, where the vulnerability has been patched. Organizations should audit their software dependencies to identify and remediate vulnerable versions. For environments where immediate upgrading is not feasible, implementing resource usage monitoring and limiting memory consumption during PDF parsing can reduce risk. Employ sandboxing or containerization to isolate PDF processing components and prevent system-wide impact. Additionally, validate and sanitize PDF inputs, restricting uploads from untrusted sources or employing antivirus and malware scanning on PDFs before processing. Logging and alerting on abnormal memory usage during PDF handling can provide early detection of exploitation attempts. Finally, maintain awareness of updates from the pypdf project and CVE databases to respond promptly to any emerging threats or exploit reports.