CVE-2025-6654: CWE-787: Out-of-bounds Write in PDF-XChange PDF-XChange Editor
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26729.
AI Analysis
Technical Summary
CVE-2025-6654 is a high-severity vulnerability classified under CWE-787 (Out-of-bounds Write) affecting PDF-XChange Editor version 10.5.2.395. The flaw resides in the PRC file parsing component of the PDF-XChange Editor, where improper validation of user-supplied data allows an attacker to write beyond the bounds of an allocated buffer. This memory corruption can be exploited to execute arbitrary code remotely within the context of the current process. Exploitation requires user interaction, specifically opening a maliciously crafted file or visiting a malicious webpage that triggers the vulnerable parsing routine. The vulnerability does not require prior authentication or elevated privileges, increasing its risk profile. The CVSS v3.0 score is 7.8, indicating high severity, with attack vector local (AV:L), attack complexity low (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the nature of the vulnerability and the widespread use of PDF-XChange Editor make it a significant threat. The vulnerability was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-26729. No official patches have been published at the time of this report, increasing the urgency for mitigation measures.
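The defect class the advisory describes (a length taken from the file drives a copy into a fixed-size buffer with no capacity check), shown as a constructed C illustration that is not PDF-XChange code; the 2-byte-length-plus-payload chunk layout is hypothetical and is not the real PRC format. The same parser runs in its vulnerable and hardened form, and a demo arena makes the overwrite of adjacent data observable without undefined behaviour.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed illustration of the advisory's bug class (CWE-787). Not
 * PDF-XChange code; the chunk layout (2-byte big-endian payload length,
 * then the payload) is hypothetical, not the real PRC format. Modelled
 * defect: a file-supplied length is copied without a capacity check. */
#define BUF_CAP 16  /* capacity of the "allocated buffer" */

/* Parses one chunk into `out` (capacity out_cap). hardened == 0 trusts the
 * declared length (the vulnerable pattern); hardened != 0 adds the capacity
 * check that fixes it. Returns bytes written, or -1 on rejection. */
static long parse_chunk(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap, int hardened)
{
    if (in_len < 2) return -1;
    size_t declared = ((size_t)in[0] << 8) | in[1];
    if (declared > in_len - 2) return -1;           /* reads stay in bounds */
    if (hardened && declared > out_cap) return -1;  /* the missing write check */
    memcpy(out, in + 2, declared);                  /* overflows when unchecked */
    return (long)declared;
}

/* Demo: builds a chunk declaring `declared` bytes of 0x41 and parses it into
 * a 32-byte arena whose first BUF_CAP bytes model the buffer and whose rest
 * models adjacent data (0xAA). Staying inside the arena keeps the demo itself
 * free of undefined behaviour. Returns the parser's result; *clobbered (if
 * non-NULL) reports whether any adjacent byte was overwritten. */
static long demo_parse(size_t declared, int hardened, int *clobbered)
{
    uint8_t chunk[2 + 2 * BUF_CAP], arena[2 * BUF_CAP];
    if (clobbered) *clobbered = 0;
    if (declared > 2 * BUF_CAP) return -1;          /* keep the demo in bounds */
    chunk[0] = (uint8_t)(declared >> 8);
    chunk[1] = (uint8_t)(declared & 0xFF);
    memset(chunk + 2, 0x41, declared);
    memset(arena, 0xAA, sizeof arena);
    long r = parse_chunk(chunk, 2 + declared, arena, BUF_CAP, hardened);
    for (size_t i = BUF_CAP; clobbered && i < sizeof arena; i++)
        if (arena[i] != 0xAA) *clobbered = 1;
    return r;
}

/* Convenience wrapper returning only the adjacent-data check. */
static int demo_clobbered(size_t declared, int hardened)
{
    int c = 0;
    demo_parse(declared, hardened, &c);
    return c;
}
```

A declared length of 8 is accepted by both variants; a declared length of 24 is rejected by the hardened parser but silently overwrites the adjacent bytes in the unchecked one.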
Potential Impact
European organizations using PDF-XChange Editor 10.5.2.395 are at risk of remote code execution attacks that could lead to full system compromise. Given the high impact on confidentiality, integrity, and availability, attackers could steal sensitive data, manipulate documents, or disrupt business operations. Sectors relying heavily on document processing, such as finance, legal, government, and healthcare, are particularly vulnerable. The requirement for user interaction (opening a malicious file or visiting a malicious page) means phishing campaigns or malicious document distribution could be effective attack vectors. The lack of authentication requirements lowers the barrier for exploitation, potentially enabling widespread attacks if weaponized exploits emerge. The absence of patches increases exposure time, and organizations without robust endpoint protection or user awareness training may face significant operational and reputational damage. Additionally, the vulnerability could be leveraged as an initial foothold for lateral movement within corporate networks, amplifying its impact.
Mitigation Recommendations
- Immediately restrict or monitor the use of PDF-XChange Editor version 10.5.2.395, especially in high-risk departments handling sensitive documents.
- Implement strict email filtering and attachment scanning to detect and block malicious PRC or PDF files that could exploit this vulnerability.
- Educate users to avoid opening unsolicited or suspicious PDF files and to verify the source before interacting with documents.
- Deploy application whitelisting and sandboxing techniques to limit the execution context of PDF-XChange Editor, reducing the impact of potential exploitation.
- Use endpoint detection and response (EDR) solutions capable of detecting anomalous behavior related to out-of-bounds memory writes or unusual process activity from PDF-XChange Editor.
- Regularly back up critical data and ensure backups are isolated from the main network to enable recovery in case of compromise.
- Monitor vendor communications closely for the release of official patches or updates and prioritize their deployment once available.
- Consider temporary use of alternative PDF readers with a strong security track record until the vulnerability is patched.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-06-25T14:30:29.245Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 685c7122e230f5b23485acae
Added to database: 6/25/2025, 9:58:58 PM
Last enriched: 6/25/2025, 10:17:18 PM
Last updated: 11/21/2025, 4:40:43 PM