CVE-2025-63917

Name of the Vulnerable Software and Affected Versions PDFPatcher versions through 1.1.3.4663

Description The software does not properly restrict XML external entity (XXE) references in its XML bookmark import functionality. The application utilizes .NET’s XmlDocument class without disabling external entity resolution, which could allow attackers to read arbitrary files from the victim’s filesystem, exfiltrate sensitive data through out-of-band (OOB) HTTP requests, perform server-side request forgery (SSRF) attacks against internal network resources, or cause a denial of service via entity expansion attacks.

Recommendations Versions prior to 1.1.3.4663 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.