Key Vulnerability Information

CVE ID: CVE-2025-14411
CVSS Score: 3.3, AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected Vendors: Soda PDF
Affected Products: Desktop

Vulnerability Details:
- This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. It requires user interaction to exploit.
- The flaw exists in the parsing of PDF files and results from improper validation of user-supplied data, leading to a read past the end of an allocated object. It can be exploited to execute arbitrary code.

Disclosure Timeline:
- 2025-06-19: Vulnerability reported to vendor
- 2025-12-11: Coordinated public release of advisory
- 2025-12-11: Advisory updated

Credit: Rocco Calvi (@TecR0c) with TecSecurity

Mitigation: Restrict interaction with the product to mitigate the vulnerability.