CVE-2025-6653: 
PDF-XChange Editor vulnerability analysis and mitigation

PDF-XChange Editor contains an out-of-bounds read information disclosure vulnerability (CVE-2025-6653) that was discovered and reported through the Zero Day Initiative. The vulnerability affects PDF-XChange Editor version 10.5.2.395 and was disclosed on June 25, 2025. This security flaw requires user interaction, specifically opening a malicious file or visiting a malicious page, to be exploited (ZDI Advisory, Wiz Report).

The vulnerability stems from improper validation of user-supplied data during the parsing of PRC files, which can result in a read past the end of an allocated buffer. The issue has been assigned a CVSS v3.0 base score of 3.3 (Low) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The vulnerability is classified as CWE-125 (Out-of-bounds Read) (ZDI Advisory).

When successfully exploited, this vulnerability allows attackers to disclose sensitive information on affected installations of PDF-XChange Editor. The vulnerability could potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

PDF-XChange has released version 10.6.0.396 to address this vulnerability. Users are advised to apply the latest security update available through the official PDF-XChange support portal (PDF-XChange Security).