PDFsam Enhanced Launch Action RCE via Unsafe Script Execution
CVE-2025-14403 Published on December 23, 2025
PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability
PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27500.
Weakness Type
Product UI does not Warn User of Unsafe Actions
The software's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system. Software systems should warn users that a potentially dangerous action may occur if the user proceeds. For example, if the user downloads a file from an unknown source and attempts to execute the file on their machine, then the application's GUI can indicate that the file is unsafe.
Affected Versions
PDFsam Enhanced Version 7.0.76.15222 is affected by CVE-2025-14403Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.