PT-2026-7164 · Unknown · Sumatrapdf

Mariorl0 · Published 2026-02-09 · Updated 2026-02-10 · CVE-2026-25880

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SumatraPDF versions prior to 3.5.3

Description

SumatraPDF, a multi-format reader for Windows, allows execution of a malicious binary, specifically explorer.exe, located in the same directory as an opened PDF file. This occurs when a user clicks File → “Show in folder”. This behavior can lead to arbitrary code execution on the victim’s system with the privileges of the current user, requiring only a menu click for exploitation.

Recommendations

Update SumatraPDF to version 3.5.3 or later.

Exploit

Fix

Untrusted Search Path

Weakness Enumeration

Related Identifiers

BDU:2026-05050
CVE-2026-25880
GHSA-5X4H-247Q-PX37

Affected Products

Sumatrapdf