CVE-2025-63918

MEDIUM

PDFPatcher < 1.1.3.4663 - Path Traversal and Arbitrary File Write via Image Export

Title source: llm

Description

PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations.

References (3)

Core 3

Core References

Exploit, Third Party Advisory

https://github.com/cydtseng/Vulnerability-Research/blob/main/pdfpatcher/DirectoryTraversal-ImageExport.md

View Exploit ZIP pw:eip

Product

https://github.com/wmjordan/PDFPatcher

Product

https://www.cnblogs.com/pdfpatcher

Scores

CVSS v3 6.2

EPSS 0.0035

EPSS Percentile 26.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

cnblogs/pdfpatcher < 1.1.3.4663

Published Nov 17, 2025

Tracked Since Feb 18, 2026