exploitDog

CVE-2025-67825

Опубликовано: 08 янв. 2026

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updated to ensure signer information consistently reflects the verified certificate identity.

Ссылки

https://gonitro.com
Product
https://www.gonitro.com/documentation/release-notes
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:gonitro:nitro_pdf_pro:*:*:*:*:*:*:*:*

Версия до 14.42.0.34 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 0%

0.00002

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-346

Связанные уязвимости

GHSA-r4j5-j8m6-jr6p

CVSS3: 9.8

github

30 дней назад

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updated to ensure signer information consistently reflects the verified certificate identity.

EPSS

Процентиль: 0%

0.00002

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-346