CVE-2025-14412

7.8 HIGH

📋 TL;DR

This vulnerability in Soda PDF Desktop allows remote attackers to execute arbitrary code by tricking users into opening malicious XLS files. The software fails to provide adequate warnings about dangerous script execution within these files. All users running vulnerable versions of Soda PDF Desktop are affected.

💻 Affected Systems

Products:
  • Soda PDF Desktop
Versions: Specific version range not provided in advisory, but all versions before the patch are likely affected
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires user interaction to open malicious XLS files. All default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's computer, data theft, ransomware deployment, and lateral movement within the network.

🟠 Likely Case

Malware installation, credential theft, and data exfiltration from the compromised user's account.

🟢 If Mitigated

Limited impact due to application sandboxing, user privilege restrictions, or network segmentation preventing lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically simple once the malicious file is opened. ZDI has confirmed the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-25-1085/

Restart Required: Yes

Instructions:

1. Open Soda PDF Desktop
2. Navigate to Help > Check for Updates
3. Install available updates
4. Restart the application

🔧 Temporary Workarounds

Disable XLS file association (Windows)

Prevent Soda PDF from automatically opening XLS files

1. Right-click any XLS file
2. Select 'Open with' > 'Choose another app'
3. Select a different application (e.g., Excel)
4. Check 'Always use this app to open .xls files'

Block XLS files at perimeter (all platforms)

Prevent malicious XLS files from reaching users

🧯 If You Can't Patch

  • Restrict user privileges to standard user accounts (not administrator)
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Soda PDF Desktop version against vendor's patched version list

Check Version:

Open Soda PDF Desktop > Help > About

Verify Fix Applied:

Verify Soda PDF Desktop version is updated to patched version

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from Soda PDF
  • Multiple XLS file openings from untrusted sources
  • Soda PDF crashing with memory-related errors

Network Indicators:

  • Outbound connections from Soda PDF to unknown IPs
  • DNS requests for suspicious domains following XLS file opening

SIEM Query:

Process Creation where ParentImage contains 'SodaPDF' and CommandLine contains '.xls'
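
The SIEM query above as runnable Python over process-creation events, added here as an example (it is not from the advisory or the vendor). It assumes Sysmon Event ID 1 field names, uses constructed events and a placeholder install path, and goes beyond the page's query by also checking ParentCommandLine, because a file opened through its association appears on the opening application's command line rather than on the child's.

```python
# Added example. Field names follow Sysmon Event ID 1 (process creation).
# All events are constructed; "SodaPDF-Example" is a placeholder install path.
SODA = r"C:\Program Files\SodaPDF-Example\sodapdf.exe"
EVENTS = [
    # 0: child spawned while an .xls is open; .xls is only on the parent's command line
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c echo constructed",
     "ParentImage": SODA, "ParentCommandLine": rf'"{SODA}" "C:\Users\a\Downloads\invoice.xls"'},
    # 1: child command line itself names the .xls (what the page's query matches)
    {"Image": r"C:\Temp\helper.exe", "CommandLine": r'helper.exe "C:\Users\a\Downloads\invoice.xls"',
     "ParentImage": SODA, "ParentCommandLine": rf'"{SODA}"'},
    # 2: a different application opened the .xls, so Soda PDF is not involved
    {"Image": r"C:\Temp\helper.exe", "CommandLine": r'helper.exe "C:\Users\a\book.xls"',
     "ParentImage": r"C:\Program Files\Example Office\excel.exe",
     "ParentCommandLine": r'excel.exe "C:\Users\a\book.xls"'},
    # 3: Soda PDF opened a PDF, no XLS on either command line
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c echo constructed",
     "ParentImage": SODA, "ParentCommandLine": rf'"{SODA}" "C:\Users\a\manual.pdf"'},
]

def _has(ev, field, needle):
    # Case-insensitive substring match; a missing field never matches.
    return needle in ev.get(field, "").lower()

def page_query(ev):
    """The query as written: ParentImage contains 'SodaPDF' and CommandLine contains '.xls'."""
    return _has(ev, "ParentImage", "sodapdf") and _has(ev, "CommandLine", ".xls")

def broadened(ev):
    """Same parent test, but '.xls' may be on the child's or the parent's command line.
    Substring matching means '.xlsx' and similar extensions also match."""
    return _has(ev, "ParentImage", "sodapdf") and (
        _has(ev, "CommandLine", ".xls") or _has(ev, "ParentCommandLine", ".xls"))

def triage(events):
    """Return (event index, rule name) for each hit, preferring the page's own rule."""
    hits = []
    for i, ev in enumerate(events):
        if page_query(ev):
            hits.append((i, "page_query"))
        elif broadened(ev):
            hits.append((i, "parent_cmdline"))
    return hits

if __name__ == "__main__":
    for i, rule in triage(EVENTS):
        print(i, rule, EVENTS[i]["Image"])
```

Event 0 is the case the literal query misses: the child process never mentions the spreadsheet, so only the parent's command line ties it to an opened XLS file.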
