CVE-2025-6662 is an out-of-bounds read vulnerability identified in PDF-XChange Editor version 10.5.2.395, specifically within the parsing of PRC files embedded in PDF documents. The vulnerability arises due to improper validation of user-supplied data during PRC file parsing, which leads to reading memory beyond the allocated buffer. This flaw can result in the disclosure of sensitive information from the memory space of the affected process. Exploitation requires user interaction, such as opening a malicious PDF file or visiting a web page that triggers the vulnerability. While the immediate impact is information disclosure, the vulnerability can be chained with other exploits to achieve arbitrary code execution within the context of the current process. The vulnerability has a CVSS 3.0 base score of 3.3, indicating a low severity primarily due to the requirement for local access (AV:L), no privileges required (PR:N), and user interaction (UI:R). No known exploits are currently reported in the wild, and no patches have been published at this time. The vulnerability was assigned and published by the Zero Day Initiative (ZDI) under identifier ZDI-CAN-26985. The CWE classification is CWE-125, which corresponds to an out-of-bounds read condition. This vulnerability affects confidentiality by potentially leaking sensitive information but does not directly impact integrity or availability unless combined with other vulnerabilities for code execution.

For European organizations, the primary impact of CVE-2025-6662 is the risk of sensitive information leakage through crafted PDF documents containing malicious PRC files. Organizations relying on PDF-XChange Editor for document handling, especially in sectors dealing with confidential or personal data (e.g., finance, legal, healthcare, and government), could face data exposure risks if users open malicious PDFs. Although the vulnerability alone does not allow code execution, the possibility of chaining it with other vulnerabilities raises concerns about potential escalation to remote code execution, which could lead to system compromise. The requirement for user interaction limits the attack surface but does not eliminate risk, particularly in environments where users frequently handle external PDF files or receive documents from untrusted sources. The low CVSS score reflects limited immediate risk, but the strategic importance of document processing software in European enterprises means that even low-severity vulnerabilities warrant attention. Additionally, the lack of a patch increases exposure until a fix is released. The vulnerability could be exploited in targeted phishing campaigns or supply chain attacks leveraging malicious PDFs.

1. Implement strict email and web filtering to block or flag PDF files containing embedded PRC content from untrusted sources. 2. Educate users on the risks of opening unsolicited or suspicious PDF attachments and encourage verification of document sources. 3. Employ endpoint security solutions capable of detecting anomalous behavior related to PDF processing or memory access violations. 4. Use application whitelisting to restrict execution of unauthorized software that could be used to exploit chained vulnerabilities. 5. Monitor for updates from PDF-XChange and apply patches promptly once available. 6. Consider deploying sandboxing or isolated environments for opening untrusted PDF files to contain potential exploitation. 7. Conduct regular security assessments of document handling workflows to identify and mitigate exposure to malicious files. 8. Where feasible, limit the use of PDF-XChange Editor to trusted internal documents or replace it with alternative PDF readers with a stronger security track record until patches are released.