CVE-2025-15569
📋 TL;DR
This vulnerability in Artifex MuPDF on Windows allows local attackers to exploit an uncontrolled search path issue in the get_system_dpi function. Attackers could potentially execute arbitrary code by placing malicious DLLs in directories searched by the application. Only Windows users running MuPDF versions up to 1.26.1 are affected.
💻 Affected Systems
- Artifex MuPDF
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise via arbitrary code execution with the privileges of the MuPDF process.
Likely Case
Local user could execute malicious code with the privileges of the MuPDF user, potentially leading to data theft or further system access.
If Mitigated
With proper access controls and limited user privileges, impact would be contained to the user's own environment without system-wide compromise.
🎯 Exploit Status
Requires local access and specific conditions to place malicious DLLs in search paths. Attack complexity is rated as high by vulnerability databases.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.26.2
Vendor Advisory: https://artifex.com/
Restart Required: No
Instructions:
1. Download MuPDF 1.26.2 from official sources. 2. Uninstall the vulnerable version. 3. Install the patched version. 4. Verify installation with version check.
🔧 Temporary Workarounds
Restrict DLL search paths
windowsUse Windows policies or application controls to restrict where MuPDF can load DLLs from
Use Windows AppLocker or similar to restrict DLL loading to trusted directories
Remove unnecessary privileges
windowsRun MuPDF with limited user privileges to reduce impact if exploited
Run as standard user instead of administrator
🧯 If You Can't Patch
- Restrict local access to systems running vulnerable MuPDF versions
- Implement application whitelisting to prevent execution of unauthorized DLLs
🔍 How to Verify
Check if Vulnerable:
Check MuPDF version: if version is 1.26.1 or earlier on Windows, system is vulnerableCheck Version:
mupdf --version or check program properties in WindowsVerify Fix Applied:
Verify MuPDF version is 1.26.2 or later after patching📡 Detection & Monitoring
Log Indicators:
- Unusual DLL loading from non-standard paths
- Process creation anomalies from MuPDF
Network Indicators:
- Not applicable - local attack only
SIEM Query:
Process creation where parent process contains 'mupdf' AND command line contains unusual DLL paths