CVE-2025-6655 is a security vulnerability classified as an out-of-bounds read (CWE-125) found in PDF-XChange Editor version 10.5.2.395. The flaw exists in the parsing of PRC files, a 3D file format embedded within PDFs. Due to insufficient validation of user-supplied data during PRC file parsing, the software can read memory beyond the allocated buffer boundaries. This out-of-bounds read can lead to the disclosure of sensitive information from the process memory. Exploitation requires user interaction, specifically opening a maliciously crafted PDF file or visiting a malicious web page that triggers the vulnerable parsing routine. While the vulnerability itself primarily results in information disclosure, it can be chained with other vulnerabilities to achieve arbitrary code execution within the context of the PDF-XChange Editor process. The CVSS v3.0 base score is 3.3, indicating a low severity level, with an attack vector of local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), and impact limited to confidentiality (C:L) without affecting integrity or availability. No known public exploits or patches are currently available. The vulnerability was publicly disclosed on June 25, 2025, and was assigned the identifier ZDI-CAN-26730 by the Zero Day Initiative prior to CVE assignment.

For European organizations, the primary impact of CVE-2025-6655 is the potential leakage of sensitive information from memory when users open malicious PDF files containing crafted PRC data. This could expose confidential data such as document contents, user credentials, or other sensitive in-memory information. Although the vulnerability alone does not allow code execution, it could be leveraged in multi-stage attacks combined with other vulnerabilities to compromise systems. Organizations heavily reliant on PDF-XChange Editor for document handling, especially in sectors like finance, legal, healthcare, and government, may face increased risk of data exposure. The requirement for user interaction limits mass exploitation but targeted spear-phishing campaigns could exploit this vector. Since PDF-XChange Editor is commonly used in Europe, especially in small to medium enterprises and public sector entities, the risk of information disclosure could impact compliance with data protection regulations such as GDPR. However, the low CVSS score and absence of known exploits suggest the immediate threat level is limited, but vigilance is warranted given the potential for escalation.

1. Restrict or monitor the use of PDF-XChange Editor version 10.5.2.395, especially for opening untrusted or unsolicited PDF files containing embedded 3D content (PRC files). 2. Implement strict email filtering and attachment scanning to detect and quarantine suspicious PDFs with embedded PRC data. 3. Educate users to avoid opening PDFs from unknown or untrusted sources, emphasizing the risk of embedded 3D content exploitation. 4. Employ endpoint detection and response (EDR) solutions to monitor abnormal memory access patterns or process behavior related to PDF-XChange Editor. 5. Where possible, disable or restrict the rendering of embedded 3D content in PDFs within the application settings or via group policy. 6. Maintain up-to-date backups and ensure incident response plans include scenarios involving document-based attacks. 7. Monitor vendor communications for patches or updates addressing this vulnerability and apply them promptly upon release. 8. Consider alternative PDF viewers with a lower attack surface for handling sensitive documents until a patch is available.