CVE-2025-14415

Name of the Vulnerable Software and Affected Versions Soda PDF Desktop (affected versions not specified)

Description A flaw exists in the implementation of the Launch action within Soda PDF Desktop, allowing remote attackers to execute arbitrary code on affected installations. User interaction is required, specifically the target must visit a malicious page or open a malicious file. The issue stems from the execution of dangerous script without providing a user warning. An attacker can leverage this to execute code within the context of the current user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.