CVE-2025-14413

Name of the Vulnerable Software and Affected Versions Soda PDF Desktop (affected versions not specified)

Description A flaw exists in the parsing of CBZ files within Soda PDF Desktop, allowing remote attackers to potentially execute arbitrary code. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The issue stems from insufficient validation of user-supplied paths before they are used in file operations, which could allow an attacker to execute code with the privileges of the current user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.