CVE-2025-55197

7.5 HIGH

📋 TL;DR

CVE-2025-55197 is a denial-of-service vulnerability in pypdf where specially crafted PDF files with malicious FlateDecode filters can cause RAM exhaustion. This affects all applications that use pypdf versions before 6.0.0 to process PDF files. Attackers can trigger it simply by getting the vulnerable library to read a malicious PDF.

💻 Affected Systems

Products:
  • pypdf
Versions: All versions before 6.0.0
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Any application importing and using pypdf to process PDF files is vulnerable. The vulnerability triggers on file reading for cross-reference streams and on explicit access for other content streams.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system unavailability due to RAM exhaustion, potentially causing service disruption, data loss, or system crashes.

🟠 Likely Case

Application crashes or becomes unresponsive when processing malicious PDFs, leading to denial of service for PDF-related functionality.

🟢 If Mitigated

Limited impact with proper input validation and resource limits, but still potential for targeted DoS attacks.

🌐 Internet-Facing: HIGH - Any internet-facing service that processes PDF uploads or downloads using pypdf is vulnerable to DoS attacks.
🏢 Internal Only: MEDIUM - Internal systems processing PDFs could be targeted by malicious insiders or compromised accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof of concept exists in the project's GitHub issues. Exploitation requires only a malicious PDF file and the ability to have it processed by a vulnerable pypdf version.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.0

Vendor Advisory: https://github.com/py-pdf/pypdf/security/advisories/GHSA-7hfw-26vp-jp8m

Restart Required: No

Instructions:

1. Update pypdf to version 6.0.0 or later using pip: pip install --upgrade "pypdf>=6.0.0"
2. Verify the update with: pip show pypdf
3. Test PDF processing functionality after update.

🔧 Temporary Workarounds

Manual code patch (applies to: all)

Apply the fixed decompress function from pypdf 6.0.0 to existing installations.

Replace pypdf/filters.py lines 72-143 with the fixed code from https://github.com/py-pdf/pypdf/blob/0dd57738bbdcdb63f0fb43d8a6b3d222b6946595/pypdf/filters.py#L72-L143

🧯 If You Can't Patch

  • Implement strict input validation and file size limits for PDF uploads
  • Isolate PDF processing to dedicated containers with memory limits and automatic restart policies

🔍 How to Verify

Check if Vulnerable:

Check the pypdf version: python -c "import pypdf; print(pypdf.__version__)" - if the version is less than 6.0.0, the system is vulnerable.

Check Version:

python -c "import pypdf; print(pypdf.__version__)"

Verify Fix Applied:

After the update, verify that the version is 6.0.0 or higher and test processing the known malicious PDFs from the GitHub issues.
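The two checks above (the "If You Can't Patch" memory-limit workaround and the "How to Verify" version check) as one added example. This is not code from the advisory or from the pypdf project: the version comparison against 6.0.0 is written from the affected-range statement above, and the child-process runner uses RLIMIT_AS so that a decompression bomb raises MemoryError inside an isolated worker instead of exhausting RAM on the host. The worker scripts, exit codes and the 1 GiB default cap are assumptions; the stand-in ALLOC_WORKER allocates a buffer of a requested size so the cap can be exercised without pypdf installed and without any malicious file.

```python
"""Defender-side checks for CVE-2025-55197 (added example, not pypdf code):
(1) is the installed pypdf in the affected range (< 6.0.0)?
(2) parse PDFs in a child process under a hard address-space cap."""
import re
import resource
import subprocess
import sys

FIXED_VERSION = (6, 0, 0)            # first fixed release per the advisory
DEFAULT_MEMORY_CAP = 1 * 2**30       # 1 GiB; assumption, tune per workload
MEMORY_CAP_ENFORCED = sys.platform.startswith("linux")  # RLIMIT_AS is honoured on Linux


def parse_version(version: str) -> tuple:
    """'5.9.0' -> (5, 9, 0). Padded to three parts; a pre-release suffix such
    as 'rc1' is dropped, so '6.0.0rc1' compares as 6.0.0."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable_version(version: str) -> bool:
    """True for any pypdf release older than 6.0.0."""
    return parse_version(version) < FIXED_VERSION


def installed_pypdf_version():
    """Version string of the pypdf importable by this interpreter, or None."""
    try:
        import pypdf
    except ImportError:
        return None
    return pypdf.__version__


# Exit codes the child worker uses to tell the parent what happened (assumed).
EXIT_OK, EXIT_MEMORY_CAP, EXIT_PARSE_ERROR = 0, 3, 4

# Worker that parses one PDF with pypdf; assumes pypdf is importable in the
# child. Reading the file decodes cross-reference streams, and extract_text()
# forces the page content streams (FlateDecode included) to be decoded.
PDF_WORKER = r"""
import sys
try:
    from pypdf import PdfReader
    reader = PdfReader(sys.argv[1])
    pages = 0
    for page in reader.pages:
        page.extract_text()
        pages += 1
    print(pages)
    sys.exit(0)
except MemoryError:
    sys.exit(3)
except Exception as exc:
    print(type(exc).__name__, exc, file=sys.stderr)
    sys.exit(4)
"""

# Stand-in worker with no pypdf dependency: allocates argv[1] bytes, which is
# what an inflated stream amounts to in memory. Used only to prove the cap works.
ALLOC_WORKER = r"""
import sys
try:
    buf = bytearray(int(sys.argv[1]))
    print(len(buf))
    sys.exit(0)
except MemoryError:
    sys.exit(3)
"""


def run_capped(worker_source, args, memory_limit_bytes=DEFAULT_MEMORY_CAP, timeout_s=60):
    """Run worker_source in a child Python with RLIMIT_AS = memory_limit_bytes.
    Returns (outcome, detail); outcome is 'ok', 'memory_cap_hit', 'timeout' or 'error'."""
    def apply_limits():
        # Hard cap on the child's address space; malloc beyond it fails with ENOMEM,
        # which CPython surfaces as MemoryError rather than consuming host RAM.
        resource.setrlimit(resource.RLIMIT_AS, (memory_limit_bytes, memory_limit_bytes))

    try:
        proc = subprocess.run(
            [sys.executable, "-c", worker_source, *args],
            capture_output=True, text=True, timeout=timeout_s, preexec_fn=apply_limits,
        )
    except subprocess.TimeoutExpired:
        return "timeout", None
    if proc.returncode == EXIT_OK:
        return "ok", proc.stdout.strip()
    if proc.returncode == EXIT_MEMORY_CAP:
        return "memory_cap_hit", None
    return "error", proc.stderr.strip()


def process_pdf_isolated(path, memory_limit_bytes=DEFAULT_MEMORY_CAP, timeout_s=60):
    """Parse a PDF with pypdf inside a memory-capped, time-limited child process."""
    return run_capped(PDF_WORKER, [path], memory_limit_bytes, timeout_s)


if __name__ == "__main__":
    ver = installed_pypdf_version()
    print("installed pypdf:", ver, "vulnerable:" , ver is not None and is_vulnerable_version(ver))
    print("cap demo (8 GiB request under 1 GiB cap):", run_capped(ALLOC_WORKER, [str(8 * 2**30)]))
    if len(sys.argv) > 1:
        print("pdf:", process_pdf_isolated(sys.argv[1]))
```

A "memory_cap_hit" or "timeout" outcome is the signal to reject the file and log it; the parent process never touches the PDF itself, so the worst case is a dead child rather than a dead host. Pair the cap with a supervisor restart policy as the workaround list suggests.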

📡 Detection & Monitoring

Log Indicators:

  • High memory usage spikes during PDF processing
  • Application crashes or restarts when handling PDF files
  • Unusually large PDF file processing attempts

Network Indicators:

  • Multiple PDF upload attempts from single source
  • PDF files with unusual size patterns or compression

SIEM Query:

source="application.logs" AND ("pypdf" OR "PDF processing") AND ("memory" OR "crash" OR "restart")
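The log indicators listed above, turned into a check that runs over application log lines. This is an added example, not part of the advisory and not a detection the pypdf project ships: the log format, the component names (pdf_worker, supervisor) and the field names (event=, file=, rss_mb=, reason=) are assumptions, and the sample lines are constructed. It flags a file when the worker's resident memory grows by more than a threshold while that file is being processed, or when the supervisor reports a restart tied to the file.

```python
"""Flag the RAM-exhaustion pattern behind CVE-2025-55197 in application logs:
RSS ballooning during PDF processing, or a worker restart right after one.
Added example; the log format below is an assumption."""
import re
from collections import defaultdict

# Constructed sample log lines (not from any real system).
# Format: "<timestamp> <level> <component> key=value ..."
SAMPLE_LOG_LINES = [
    "2025-08-20T10:00:01Z INFO pdf_worker event=start file=invoice.pdf rss_mb=120",
    "2025-08-20T10:00:02Z INFO pdf_worker event=done file=invoice.pdf rss_mb=135",
    "2025-08-20T10:00:05Z INFO pdf_worker event=start file=upload_7f3.pdf rss_mb=130",
    "2025-08-20T10:00:09Z WARN pdf_worker event=rss file=upload_7f3.pdf rss_mb=2900",
    "2025-08-20T10:00:10Z ERROR supervisor event=restart reason=oom file=upload_7f3.pdf",
    "2025-08-20T10:00:20Z INFO pdf_worker event=start file=report.pdf rss_mb=125",
    "2025-08-20T10:00:21Z INFO pdf_worker event=done file=report.pdf rss_mb=140",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>\w+)\s+(?P<component>\w+)\s+(?P<fields>.*)$")


def parse_line(line):
    """Split one log line into a dict of its header and key=value fields,
    or return None when the line does not follow the assumed format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "level": m["level"], "component": m["component"]}
    for token in m["fields"].split():
        if "=" in token:
            key, value = token.split("=", 1)
            rec[key] = value
    return rec


def detect_pdf_memory_incidents(lines, growth_threshold_mb=1024):
    """Return {file: set(reasons)} for files whose processing looks like
    memory exhaustion. Reasons: 'memory_spike' when RSS grows by at least
    growth_threshold_mb over the value logged at event=start, and
    'worker_restart' when the supervisor restarts a worker for that file."""
    baseline_mb = {}            # file -> RSS when processing of it began
    alerts = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or "file" not in rec:
            continue
        file = rec["file"]
        if rec["component"] == "pdf_worker" and "rss_mb" in rec:
            try:
                rss = int(rec["rss_mb"])
            except ValueError:
                continue            # malformed sample, ignore rather than crash the scan
            if rec.get("event") == "start":
                baseline_mb[file] = rss
            elif file in baseline_mb and rss - baseline_mb[file] >= growth_threshold_mb:
                alerts[file].add("memory_spike")
        elif rec["component"] == "supervisor" and rec.get("event") == "restart":
            alerts[file].add("worker_restart")
    return dict(alerts)


if __name__ == "__main__":
    for file, reasons in detect_pdf_memory_incidents(SAMPLE_LOG_LINES).items():
        print(f"{file}: {', '.join(sorted(reasons))}")
```

The growth threshold is relative to the RSS at the start of each file, so a worker that is already large from earlier jobs does not trip the check; a file that both spikes memory and is followed by an OOM restart carries both reasons, which is the strongest signal that a crafted stream, not a merely large document, was involved.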
