Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation...

7.8 / 10

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25793.

Basic Information

ID CVE-2025-14406

Source zdi

Published Dec 23, 2025 at 21:23

Affected Product

Vendor Soda PDF

Product Desktop

Version 14.0.437.22898

Affected Versions Soda PDF Desktop 14.0.437.22898

CWE Classification

CWE-427

References

www.zerodayinitiative.com /advisories/ZDI-25-1079/

{
    "lastseen": "",
    "description": "Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25793.",
    "published": "2025-12-23T21:23:36.076Z",
    "modified": "2025-12-23T21:23:36.076Z",
    "type": "cve",
    "title": "Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
    "source": "zdi",
    "references": "https://www.zerodayinitiative.com/advisories/ZDI-25-1079/",
    "id": "CVE-2025-14406",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427"
    ],
    "cvelist": null,
    "sourceData": "Soda PDF Desktop 14.0.437.22898",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Desktop",
    "version": "14.0.437.22898",
    "vendor": "Soda PDF",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability_CVE-2025-14406