CVE-2025-6652: CWE-125: Out-of-bounds Read in PDF-XChange PDF-XChange Editor
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26724.
AI Analysis
Technical Summary
CVE-2025-6652 is an out-of-bounds read vulnerability identified in PDF-XChange Editor version 10.5.2.395, specifically within the parsing of PRC (Product Representation Compact) files embedded in PDFs. The vulnerability arises due to insufficient validation of user-supplied data during PRC file parsing, which allows an attacker to read memory beyond the allocated bounds of an object. This out-of-bounds read can lead to the disclosure of sensitive information from the memory space of the affected process. Exploitation requires user interaction, such as opening a maliciously crafted PDF file or visiting a web page containing such a file. While the vulnerability itself is an information disclosure issue, it can be chained with other vulnerabilities to achieve arbitrary code execution within the context of the PDF-XChange Editor process. The vulnerability has a CVSS 3.0 base score of 3.3, reflecting low severity primarily due to the requirement for local access (attack vector: local), low complexity, no privileges required, and user interaction. No known exploits are currently reported in the wild. The vulnerability was cataloged by the Zero Day Initiative (ZDI) as ZDI-CAN-26724 and is classified under CWE-125 (Out-of-bounds Read). No patches or updates have been explicitly linked yet, indicating that affected users should monitor vendor advisories closely. Given the widespread use of PDF-XChange Editor in professional and enterprise environments for PDF viewing and editing, this vulnerability could be leveraged to leak sensitive information if a user opens a malicious file, potentially exposing confidential data stored in memory during document processing.
Potential Impact
For European organizations, the primary impact of CVE-2025-6652 is the potential leakage of sensitive information from memory when users open malicious PDF documents containing crafted PRC files. This could include exposure of confidential business data, personally identifiable information (PII), or other sensitive content resident in the application’s memory. Although the vulnerability alone does not allow code execution, its ability to be chained with other vulnerabilities increases the risk profile, potentially leading to full compromise of affected systems. Organizations in sectors with high document exchange volumes, such as finance, legal, government, and healthcare, are particularly at risk. The requirement for user interaction limits the attack surface but does not eliminate risk, especially in environments where PDF files are frequently received from external or untrusted sources. The low CVSS score suggests limited immediate risk; however, the possibility of information disclosure can aid attackers in reconnaissance or subsequent targeted attacks. Additionally, the lack of a patch at the time of disclosure means organizations must rely on mitigations and user awareness to reduce exposure. The impact on confidentiality is low to moderate, with no direct impact on integrity or availability reported.
Mitigation Recommendations
To mitigate CVE-2025-6652 effectively, European organizations should implement the following specific measures:
1) Restrict the use of PDF-XChange Editor version 10.5.2.395 by upgrading to the latest version once a patch is released or temporarily switching to alternative PDF viewers with no known vulnerabilities in PRC parsing.
2) Employ strict email and web gateway filtering to block or quarantine PDF files containing embedded PRC data from untrusted or external sources.
3) Educate users about the risks of opening unsolicited or suspicious PDF attachments and encourage verification of file sources before opening.
4) Implement application whitelisting and sandboxing for PDF-XChange Editor to limit the impact of potential exploitation, preventing the application from accessing sensitive system resources or network communications.
5) Monitor endpoint logs and network traffic for unusual behavior indicative of exploitation attempts, especially in environments where PDF-XChange Editor is widely used.
6) Use Data Loss Prevention (DLP) tools to detect and prevent unauthorized exfiltration of sensitive information that could result from memory disclosure.
7) Coordinate with IT and security teams to develop incident response plans specific to PDF-based attacks, ensuring rapid containment if exploitation is suspected.
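One way to implement the gateway check in measure 2, as an added example (not code from the advisory or the vendor): it flags PDFs in which a `/Subtype` key has the value `/PRC`, the marker a 3D stream dictionary uses for PRC content, and decodes `#xx` name escapes before comparing. The function names and sample bytes are constructed for illustration.

```python
import re

# A PDF name is '/' plus regular characters (no whitespace or delimiters).
NAME = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]*)")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
PDF_WHITESPACE = b"\x00\t\n\f\r "

def decode_name(raw):
    """Undo #xx escapes so that /P#52C and /PRC compare equal."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def find_prc_streams(data):
    """Return the byte offset of every /Subtype key whose value is /PRC."""
    hits, prev = [], None
    for tok in NAME.finditer(data):
        if prev is not None:
            gap = data[prev.end():tok.start()]
            adjacent = not gap.strip(PDF_WHITESPACE)  # only whitespace between
            if (adjacent and decode_name(prev.group(1)) == b"Subtype"
                    and decode_name(tok.group(1)) == b"PRC"):
                hits.append(prev.start())
        prev = tok
    return hits

def verdict(data):
    """Gateway decision for one attachment: not-pdf, pass or quarantine."""
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    return "quarantine" if find_prc_streams(data) else "pass"

# Constructed samples (not taken from any real document or exploit).
SAMPLE_PRC = (b"%PDF-1.7\n5 0 obj\n<< /Type /3D /Subtype /PRC /Length 0 >>\n"
              b"stream\n\nendstream\nendobj\n")
SAMPLE_ESCAPED = (b"%PDF-1.7\n5 0 obj\n<</Type/3D/Sub#74ype/P#52C/Length 0>>\n"
                  b"stream\n\nendstream\nendobj\n")
SAMPLE_U3D = (b"%PDF-1.7\n5 0 obj\n<< /Type /3D /Subtype /U3D /Length 0 >>\n"
              b"stream\n\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, sample in [("plain", SAMPLE_PRC), ("escaped", SAMPLE_ESCAPED),
                          ("u3d", SAMPLE_U3D), ("text", b"hello")]:
        print(label, verdict(sample), find_prc_streams(sample))
```

A hit is a triage signal for quarantine, not proof that the file is malicious; legitimate 3D PDFs that embed PRC models match as well.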
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-06-25T14:30:19.306Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 685c7122e230f5b23485aca6
Added to database: 6/25/2025, 9:58:58 PM
Last enriched: 6/25/2025, 10:29:28 PM
Last updated: 8/1/2025, 6:45:51 PM