CVE-2026-25925 is a critical deserialization vulnerability classified under CWE-502 affecting modery's PowerDocu software prior to version 2.4.0. PowerDocu is a Windows GUI application designed for creating technical documentation. The vulnerability arises from the application's unsafe handling of JSON files within Flow or App packages, specifically its blind trust of the $type property. This property allows the JSON parser to instantiate .NET objects dynamically. An attacker who can supply a crafted JSON file can exploit this behavior to instantiate arbitrary .NET objects, leading to remote code execution (RCE) within the context of the user running PowerDocu. The CVSS 3.1 score of 7.8 reflects a high severity, with attack vector being local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact covers confidentiality, integrity, and availability, as arbitrary code execution can lead to data theft, modification, or system compromise. Although no exploits are currently known in the wild, the vulnerability is critical due to the ease of exploitation once a malicious JSON file is opened. The fix was introduced in version 2.4.0 by properly validating or restricting the deserialization process to prevent unsafe object instantiation. Organizations using affected versions should prioritize upgrading and reviewing their JSON input handling policies.

For European organizations, this vulnerability poses a significant risk, especially for those using PowerDocu in environments where technical documentation is critical, such as engineering firms, manufacturing, and infrastructure sectors. Successful exploitation could lead to unauthorized code execution, potentially resulting in data breaches, intellectual property theft, or disruption of documentation workflows. Given the local attack vector and requirement for user interaction, insider threats or phishing campaigns delivering malicious JSON files could be primary exploitation vectors. The compromise of documentation tools may also facilitate further lateral movement or supply chain attacks. Confidentiality and integrity of sensitive technical documents are at high risk, which could impact compliance with European data protection regulations such as GDPR. Availability impacts could disrupt operational processes relying on accurate documentation. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers often weaponize such vulnerabilities post-disclosure.

1. Upgrade PowerDocu to version 2.4.0 or later immediately to apply the official patch addressing this vulnerability. 2. Implement strict validation and sanitization of all JSON files imported into PowerDocu, especially those containing the $type property, to prevent unsafe deserialization. 3. Restrict the sources from which JSON files can be loaded, limiting to trusted and verified origins only. 4. Educate users about the risks of opening untrusted or unsolicited JSON files and implement policies to reduce the risk of social engineering attacks. 5. Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious process behaviors indicative of deserialization attacks. 6. Regularly audit and monitor logs for unusual activity related to PowerDocu usage, particularly file imports and execution events. 7. Consider isolating PowerDocu usage in sandboxed or virtualized environments to contain potential exploitation. 8. Coordinate with IT security teams to integrate vulnerability management processes ensuring timely updates and risk assessments for third-party software like PowerDocu.