CVE-2025-6641: 
PDF-XChange Editor vulnerability analysis and mitigation

CVE-2025-6641 is an Out-Of-Bounds Read Information Disclosure vulnerability affecting PDF-XChange Editor. The vulnerability was discovered and publicly disclosed on June 25, 2025. This security flaw specifically impacts the U3D file parsing functionality in PDF-XChange Editor version 10.5.2.395 (NVD, ZDI Advisory).

The vulnerability exists within the parsing of U3D files in PDF-XChange Editor. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. The vulnerability has been assigned a CVSS v3.1 score of 3.3 (Low) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, indicating local access is required and user interaction is necessary for exploitation (ZDI Advisory).

When successfully exploited, this vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. The impact is considered low severity, but the vulnerability can potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

PDF-XChange has released version 10.6.0.396 to address this vulnerability. Users are advised to update to the latest version of the software. The security update specifically addresses potential issues where the application could be exposed to Out-of-Bounds Read vulnerability (Security Bulletin).