CVE-2025-15569— Artifex MuPDF win_main.c get_system_dpi uncontrolled search path

CVSS 7.0 · High EPSS 0.02% · P4 Updated Feb 23, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-15569

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Artifex MuPDF win_main.c get_system_dpi uncontrolled search path

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

对搜索路径元素未加控制

Source: NVD (National Vulnerability Database)

Vulnerability Title

artifex mupdf 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

artifex mupdf是个人开发者的一款富文本编辑器。富文本编辑器不同于文本编辑器，程序员可到网上下载免费的富文本编辑器内嵌于自己的网站或程序里（当然付费的功能会更强大些），方便用户编辑文章或信息。 artifex mupdf 1.26.1及之前版本存在代码问题漏洞，该漏洞源于函数get_system_dpi存在不受控的搜索路径。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Artifex	MuPDF	1.26.0	`cpe:2.3:a:artifex:mupdf::::::::`

II. Public POCs for CVE-2025-15569

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-15569

请登录查看更多情报信息。

https://casper.mupdf.com/downloads/archive/mupdf-1.26.2-windows.zippatch
CVE-2025-15569 Artifex MuPDF win_main.c get_system_dpi uncontrolled search path (ID 708617)vdb-entrytechnical-description
https://nvd.nist.gov/vuln/detail/CVE-2025-15569

IV. Related Vulnerabilities

Same product: MuPDF

Same vendor: Artifex

Same weakness: CWE-427

V. Comments for CVE-2025-15569

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-15569— Artifex MuPDF win_main.c get_system_dpi uncontrolled search path

I. Basic Information for CVE-2025-15569

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-15569

III. Intelligence Information for CVE-2025-15569

IV. Related Vulnerabilities

V. Comments for CVE-2025-15569

Leave a comment