CVE-2025-64085 – A NULL pointer dereference vulnerability in PDF... (How to Fix)

Q: What is the severity of CVE-2025-64085?

CVE-2025-64085 has a CVSS score of 7.5 (HIGH). A NULL pointer dereference vulnerability in PDF-XChange Editor v10.7.3.401 allows attackers to crash the application via specially crafted PDF files, causing denial of service. This affects users who open untrusted PDF documents with the vulnerable software version.

📋 TL;DR

A NULL pointer dereference vulnerability in PDF-XChange Editor v10.7.3.401 allows attackers to crash the application via specially crafted PDF files, causing denial of service. This affects users who open untrusted PDF documents with the vulnerable software version.

💻 Affected Systems

Products:

PDF-XChange Editor

Versions: v10.7.3.401

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific version mentioned; other versions may be unaffected.

📦 What is this software?

Pdf Xchange Editor by Pdf Xchange

View all CVEs affecting Pdf Xchange Editor →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete application crash requiring restart, potential data loss if unsaved work is open, and disruption to business processes relying on PDF viewing/editing.

🟠

Likely Case

Application crash when opening malicious PDF files, requiring user intervention to restart the software and potentially losing unsaved work.

🟢

If Mitigated

No impact if proper controls prevent opening untrusted PDFs or if software is patched.

🌐 Internet-Facing: MEDIUM - Attackers could embed malicious PDFs in websites or emails, but requires user interaction to open.

🏢 Internal Only: LOW - Requires internal users to open malicious files, which is less likely in controlled environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires user to open a crafted PDF file; no authentication or special privileges needed beyond file access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor website for latest version

Vendor Advisory: https://www.pdf-xchange.com/

Restart Required: Yes

Instructions:

1. Visit https://www.pdf-xchange.com/
2. Download and install the latest version of PDF-XChange Editor
3. Restart the application and any related services.

🔧 Temporary Workarounds

Restrict PDF file sources

all

Only open PDF files from trusted sources; implement policies to block untrusted PDFs.

Use alternative PDF viewer

windows

Temporarily use a different PDF viewer until patched.

🧯 If You Can't Patch

Implement application whitelisting to restrict PDF-XChange Editor execution
Deploy endpoint protection to detect and block malicious PDF files

🔍 How to Verify

Check if Vulnerable:

Check PDF-XChange Editor version in Help > About; if version is 10.7.3.401, it is vulnerable.

Check Version:

Not applicable for GUI application; use Help > About menu.

Verify Fix Applied:

After updating, verify version is no longer 10.7.3.401 in Help > About.

📡 Detection & Monitoring

Log Indicators:

Application crash logs from PDF-XChange Editor
Windows Event Logs showing application failures

Network Indicators:

Unusual PDF file downloads from untrusted sources

SIEM Query:

EventID=1000 OR EventID=1001 AND SourceName="PDF-XChange Editor"

📊 Metadata

CVE ID: CVE-2025-64085

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.07% exploit probability (21.1th percentile)

Published: December 9, 2025

Last Updated: December 10, 2025

🔗 References

https://jeroscope.com/advisories/2025/jero-2025-012/ Exploit,Third Party Advisory
https://www.pdf-xchange.com/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64085, you might also want to check these: