CVE-2025-67432

High

Published: 12 February 2026
Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0006 (18.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-67432 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 18.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-67432 is a stack-based buffer overflow vulnerability, classified under CWE-121, in the ZBarcode_Encode function of the Monkeybread Software MBS DynaPDF Plugin version 21.3.1.1. This flaw enables attackers to induce a Denial of Service (DoS) by providing a specially crafted input that overflows the stack. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): the attack vector is the network and the availability impact is high, while confidentiality and integrity are not affected.

Any unauthenticated attacker with network access to a system running the vulnerable plugin can exploit this issue with low attack complexity and no user interaction required. By delivering a malicious input to the ZBarcode_Encode function, the attacker triggers the stack overflow, causing the application to crash and rendering the service unavailable until restart or recovery.

Advisories and additional details, including potential mitigation guidance, are available in the referenced GitHub gists: https://gist.github.com/Hyobin/818f52535929ec471d234bab67d94987 and https://gist.github.com/transparencybeam/818f52535929ec471d234bab67d94987. Security practitioners should review these for plugin updates or workarounds, such as input validation or upgrading to a patched version if available.

Vulnerability details

A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

CWE(s)

CWE-121 (Stack-based Buffer Overflow)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Stack-based buffer overflow in ZBarcode_Encode directly enables application crash via crafted input, matching Endpoint DoS through software exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2020-37198 (shared CWE-121)
CVE-2019-25328 (shared CWE-121)
CVE-2025-1758 (shared CWE-121)
CVE-2026-36837 (shared CWE-121)
CVE-2019-25340 (shared CWE-121)
CVE-2025-50659 (shared CWE-121)
CVE-2020-37122 (shared CWE-121)
CVE-2020-37136 (shared CWE-121)
CVE-2019-25341 (shared CWE-121)
CVE-2025-70252 (shared CWE-121)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Requires timely identification and remediation of the stack overflow flaw in the MBS DynaPDF Plugin via patching or upgrades.

Prevent: Enforces validation of inputs to the ZBarcode_Encode function to block crafted data causing stack overflows.

Prevent: Implements memory protections such as stack canaries and non-executable stacks to mitigate stack-based buffer overflows.