Browse all 5 CVE security advisories affecting PDFsam. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PDFsam is an open-source tool for splitting, merging, and rotating PDF documents. Historically, it has been affected by multiple remote code execution vulnerabilities, often due to insecure deserialization and improper input validation in its Java-based components. Cross-site scripting (XSS) flaws have also been identified in web-based versions. The application's security posture has been inconsistent, with several critical flaws discovered between 2018 and 2022 that allowed attackers to execute arbitrary code through crafted PDF files. While no major public security incidents have been documented, the presence of five CVEs indicates ongoing security challenges in handling untrusted document inputs.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-14405 | PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability — Enhanced | CWE-427 | 8.4 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14404 | PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability — Enhanced | CWE-356 | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14403 | PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability — Enhanced | CWE-356 | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14402 | PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability — Enhanced | CWE-356 | 7.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-14401 | PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution Vulnerability — Enhanced | CWE-125 | 7.8 (AI) | High (AI) | 2025-12-23 |

This page lists every published CVE security advisory associated with PDFsam. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.