CVE-2025-6658 is an out-of-bounds read vulnerability (CWE-125) found in PDF-XChange Editor version 10.5.2.395, specifically within the parsing of PRC files embedded in PDF documents. The vulnerability arises due to insufficient validation of user-supplied data during PRC file parsing, which allows an attacker to read memory beyond the allocated buffer boundaries. This can lead to the disclosure of sensitive information from the process memory space. Exploitation requires user interaction, such as opening a maliciously crafted PDF file or visiting a malicious webpage that triggers the vulnerable parsing routine. While the vulnerability itself results in information disclosure, it can be chained with other vulnerabilities to achieve arbitrary code execution within the context of the current process. The CVSS v3.0 base score is 3.3, indicating a low severity primarily because the attack vector is local (requires user interaction), no privileges are required, and the impact is limited to confidentiality with no direct effect on integrity or availability. There are no known exploits in the wild at the time of publication, and no patches have been released yet. The vulnerability was identified and assigned by the Zero Day Initiative (ZDI) under the identifier ZDI-CAN-26733.

For European organizations, the primary risk posed by CVE-2025-6658 is the potential leakage of sensitive information from memory when users open malicious PDF documents containing crafted PRC files. This could expose confidential data such as credentials, cryptographic keys, or other sensitive application data residing in memory. Although the vulnerability alone does not allow code execution, attackers could combine it with other vulnerabilities to escalate their attack, potentially leading to full system compromise. Organizations in sectors with high document exchange volumes, such as finance, legal, government, and healthcare, may be particularly at risk. The requirement for user interaction means that phishing or social engineering campaigns could be used to deliver malicious PDFs. Given the widespread use of PDF-XChange Editor in Europe, especially in professional and enterprise environments, the vulnerability could impact data confidentiality and trust in document handling processes. However, the low CVSS score and absence of known exploits suggest the immediate risk is limited but should not be ignored.

1. Implement strict email and web gateway filtering to block or quarantine suspicious PDF files, especially those containing embedded 3D or PRC content. 2. Educate users to be cautious when opening PDF attachments or links from untrusted sources, emphasizing the risk of social engineering. 3. Employ endpoint detection and response (EDR) solutions capable of detecting anomalous behavior related to PDF parsing or memory access violations. 4. Monitor for updates from the vendor (Tracker Software) and apply patches promptly once available. 5. Consider sandboxing PDF-XChange Editor usage or opening PDFs in isolated environments to limit potential impact. 6. Use application whitelisting and restrict execution privileges for PDF-XChange Editor to minimize the risk of chained exploits achieving code execution. 7. Conduct regular security awareness training focusing on phishing and malicious document threats. 8. Review and harden document handling policies, including disabling unnecessary features related to 3D or PRC content if possible.