CVE-2025-6656: 
PDF-XChange Editor vulnerability analysis and mitigation

PDF-XChange Editor contains an out-of-bounds read information disclosure vulnerability (CVE-2025-6656) that was discovered and reported through the Zero Day Initiative program and publicly disclosed on June 25, 2025. The vulnerability affects PDF-XChange Editor version 10.5.2.395 and requires user interaction for exploitation (ZDI Advisory, Wiz Analysis).

The vulnerability stems from improper validation of user-supplied data during the parsing of PRC files, which can result in a read past the end of an allocated object. The issue has been assigned a CVSS v3.0 base score of 3.3 (LOW) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The vulnerability is classified as CWE-125 (Out-of-bounds Read) (ZDI Advisory).

When successfully exploited, this vulnerability allows attackers to disclose sensitive information from affected PDF-XChange Editor installations. The vulnerability could potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

PDF-XChange has released version 10.6.0.396 to address this vulnerability. Users are advised to apply the security update available through the official security bulletin (PDF-XChange Bulletin).