CVE-2025-62707 – CVE-2025-62707 is a denial-of-service vulnerabi... (How to Fix)

📋 TL;DR

CVE-2025-62707 is a denial-of-service vulnerability in pypdf, a popular Python PDF library. Attackers can craft malicious PDFs with inline images using DCTDecode filters that cause infinite loops during parsing, leading to resource exhaustion. This affects any application using vulnerable versions of pypdf to process untrusted PDF files.

💻 Affected Systems

Products:

pypdf

Versions: All versions prior to 6.1.3

Operating Systems: All operating systems where pypdf is installed

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects parsing of PDF content streams with inline images using DCTDecode filters.

📦 What is this software?

Pypdf by Pypdf Project

View all CVEs affecting Pypdf →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial-of-service where the application becomes unresponsive, consumes all available CPU resources, and requires process termination.

🟠

Likely Case

Application hangs or crashes when processing malicious PDFs, disrupting PDF-related functionality.

🟢

If Mitigated

Minimal impact with proper input validation and resource limits in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only a malicious PDF file; no authentication or special privileges needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.1.3

Vendor Advisory: https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265

Restart Required: No

Instructions:

1. Update pypdf using pip: pip install --upgrade pypdf==6.1.3
2. Verify the update with: pip show pypdf
3. Test PDF processing functionality after update.

🔧 Temporary Workarounds

Input validation and sanitization

all

Implement strict validation of PDF files before processing, rejecting files with suspicious inline image structures.

Resource limiting

all

Set CPU time limits or process timeouts for PDF parsing operations to prevent infinite loops from consuming resources.

🧯 If You Can't Patch

Implement strict file upload controls to only accept PDFs from trusted sources.
Deploy web application firewalls (WAF) with PDF parsing protection rules.

🔍 How to Verify

Check if Vulnerable:

Check pypdf version with: pip show pypdf | grep Version

Check Version:

pip show pypdf | grep Version

Verify Fix Applied:

Confirm version is 6.1.3 or higher with: pip show pypdf | grep Version

📡 Detection & Monitoring

Log Indicators:

High CPU usage spikes during PDF processing
Application timeouts or crashes when handling PDF files
Repeated PDF parsing errors

Network Indicators:

Multiple PDF upload attempts from single source
Unusual PDF file sizes or structures

SIEM Query:

source="application.logs" AND ("pypdf" OR "PDF parsing") AND ("timeout" OR "high cpu" OR "crash")

📊 Metadata

CVE ID: CVE-2025-62707

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-834

EPSS Score: 0.08% exploit probability (23.6th percentile)

Published: October 22, 2025

Last Updated: October 27, 2025

🔗 References

https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8 Patch
https://github.com/py-pdf/pypdf/pull/3501 Patch
https://github.com/py-pdf/pypdf/releases/tag/6.1.3 Release Notes
https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-62707, you might also want to check these: