
CVE-2026-25925: CWE-502: Deserialization of Untrusted Data in modery PowerDocu

Severity: High
Published: Mon Feb 09 2026 (02/09/2026, 21:59:08 UTC)
Source: CVE Database V5
Vendor/Project: modery
Product: PowerDocu

Description

CVE-2026-25925 is a high-severity deserialization vulnerability in modery PowerDocu versions prior to 2.4.0. The application improperly trusts the $type property in JSON files used within Flow or App packages, enabling attackers to instantiate arbitrary .NET objects and execute code remotely. Exploitation requires local access and user interaction but can lead to full confidentiality, integrity, and availability compromise. No known exploits are currently in the wild, and the vulnerability is fixed in version 2.4.0. European organizations using affected versions should prioritize upgrading and implement strict input validation and monitoring.

AI-Powered Analysis

Last updated: 02/09/2026, 22:30:37 UTC

Technical Analysis

CVE-2026-25925 is a high-severity deserialization vulnerability affecting modery PowerDocu, a Windows GUI application used for technical documentation. Versions prior to 2.4.0 improperly parse JSON files within Flow or App packages by blindly trusting the $type property. This property allows the JSON deserializer to instantiate arbitrary .NET objects during deserialization. An attacker who can supply a crafted JSON file can exploit this flaw to execute arbitrary code within the context of the application. The vulnerability stems from CWE-502: Deserialization of Untrusted Data, a common and dangerous flaw in applications that deserialize data without proper validation or restrictions. The CVSS 3.1 base score is 7.8, with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: local attack vector, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability. Although no known exploits are reported in the wild, the vulnerability presents a significant risk due to the potential for remote code execution if an attacker can trick a user into opening a malicious package. The issue is resolved in PowerDocu version 2.4.0, which presumably implements safer deserialization practices or restricts the $type property usage. The vulnerability affects organizations that use PowerDocu for technical documentation workflows, especially those integrating third-party or user-generated JSON packages.

Potential Impact

For European organizations, this vulnerability poses a serious risk to the confidentiality, integrity, and availability of systems running affected versions of PowerDocu. Successful exploitation could allow attackers to execute arbitrary code, potentially leading to data theft, unauthorized access to sensitive technical documentation, or disruption of documentation workflows critical for operational continuity. Organizations in sectors such as manufacturing, engineering, and software development that rely heavily on PowerDocu for documentation may face operational delays or intellectual property exposure. Given the local attack vector and requirement for user interaction, the threat is more likely in environments where users handle untrusted or external JSON packages. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits post-disclosure. European organizations with strict compliance requirements around data protection and operational security must consider this vulnerability a high priority to mitigate.

Mitigation Recommendations

1. Upgrade all installations of modery PowerDocu to version 2.4.0 or later immediately to apply the official fix.
2. Implement strict controls on the sources of JSON Flow or App packages, ensuring only trusted and verified packages are used.
3. Employ application whitelisting or sandboxing to limit the execution context of PowerDocu, reducing the impact of potential code execution.
4. Educate users to avoid opening untrusted or unsolicited documentation packages, emphasizing the risk of malicious JSON content.
5. Monitor logs and system behavior for unusual activity related to PowerDocu processes, especially around package loading events.
6. Where possible, disable or restrict features that allow importing or loading external JSON packages if not essential.
7. Conduct regular security assessments and penetration testing focusing on deserialization and input validation weaknesses in documentation tools.
8. Collaborate with vendors to receive timely updates and security advisories.
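A pre-screening check that supports steps 2 and 5, added here as an example and not code from PowerDocu or from this advisory: it lists every `$type` property found in the JSON members of a package before the package is opened. It assumes the package is a ZIP archive; the function names, the sample package and the type name in it are constructed for illustration.

```python
import io
import json
import zipfile

class Pairs(list):
    """JSON object kept as (key, value) pairs so duplicate keys stay visible."""

def parse(raw):
    return json.loads(raw, object_pairs_hook=Pairs)

def find_type_hints(node, path="$"):
    """Yield (json_path, value) for every "$type" property at any depth."""
    if isinstance(node, Pairs):
        for key, value in node:
            if key == "$type":
                yield f"{path}.{key}", value
            yield from find_type_hints(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_type_hints(item, f"{path}[{i}]")

def scan_package(data):
    """Return (member, json_path, value) findings for a ZIP package as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if not name.lower().endswith(".json"):
                continue
            try:
                doc = parse(pkg.read(name))
            except (ValueError, RecursionError):
                # Unparseable JSON is reported, not skipped: it still needs review.
                findings.append((name, "<unparseable>", None))
                continue
            findings.extend((name, p, v) for p, v in find_type_hints(doc))
    return findings

def build_sample_package():
    """Constructed sample package; the type name is a harmless placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("definition.json", '{"name": "flow", "actions": [{"kind": "http"}]}')
        pkg.writestr("connections.json",
                     '{"items": [{"$type": "Example.Widget, ExampleAssembly", "id": 1}]}')
        pkg.writestr("broken.json", "{not json")
    return buf.getvalue()

if __name__ == "__main__":
    for member, where, value in scan_package(build_sample_package()):
        print(f"{member}: {where} = {value!r}")
```

A finding is a reason to review the package before opening it in a version prior to 2.4.0, not proof that the package is malicious.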


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-02-09T16:22:17.785Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 698a5caf4b57a58fa174d53d

Added to database: 2/9/2026, 10:16:15 PM

Last enriched: 2/9/2026, 10:30:37 PM

Last updated: 2/9/2026, 11:16:29 PM
