Cyber Resilience

CVE-2025-69627

High

Published: 13 April 2026

Modified: 23 April 2026
KEV Added:
Patch:
CVSS Score v3.1: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (9.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-69627 is a high-severity Use After Free (CWE-416) vulnerability in Gonitro Nitro Pdf Pro. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 9.0th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-69627 is a heap use-after-free vulnerability (CWE-416) in Nitro PDF Pro for Windows version 14.41.1.4. The flaw occurs in the implementation of the JavaScript method this.mailDoc(), where an internal XID object is allocated and then freed prematurely. The freed pointer is subsequently passed into UI and logging helper functions, which may process unpredictable heap data or remnants of attacker-controlled JavaScript strings. This leads downstream routines, such as wcscmp(), to handle invalid or stale pointers, resulting in access violations and non-deterministic crashes.

The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited by a local attacker requiring no privileges or user interaction, with low attack complexity and unchanged scope. Exploitation can achieve high impacts on confidentiality, integrity, and availability, potentially through the processing of stale pointers in a way that enables broader memory corruption beyond crashes.

Advisories providing further details, including potential mitigations or patches, are available from the vendor at http://nitro.com and from Jeroscope at https://jeroscope.com/advisories/2025/jero-2025-016/.

Vulnerability details

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may process invalid or stale pointers. This can result in access violations and non-deterministic crashes.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

UAF in PDF JS handler enables client-side memory corruption/RCE when malicious PDF is processed.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-69624 (Same product: Gonitro Nitro Pdf Pro)
CVE-2025-66769 (Same product: Gonitro Nitro Pdf Pro)
CVE-2026-32157 (Same vendor: Microsoft)
CVE-2026-40359 (Same vendor: Microsoft)
CVE-2026-40358 (Same vendor: Microsoft)
CVE-2026-20952 (Same vendor: Microsoft)
CVE-2025-53731 (Same vendor: Microsoft)
CVE-2026-40361 (Same vendor: Microsoft)
CVE-2025-49724 (Same vendor: Microsoft)
CVE-2026-40366 (Same vendor: Microsoft)

Affected Assets

Vendor: gonitro
Product: nitro pdf pro
Version: 14.41.1.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the heap use-after-free vulnerability in Nitro PDF Pro by requiring timely application of vendor patches or updates.

prevent

Implements memory protection mechanisms such as heap integrity checks and address space randomization to mitigate exploitation of the use-after-free leading to memory corruption.

prevent

Restricts or blocks execution of JavaScript mobile code in PDF viewers, preventing invocation of the vulnerable this.mailDoc() method.
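
A triage check supporting the JavaScript-restriction control above, as an added example that is not part of the original page or any vendor tooling: it flags PDFs that embed JavaScript and quarantines those that call mailDoc(), including inside FlateDecode-compressed streams. The function names, verdict labels and sample inputs are assumptions constructed for illustration.

```python
import re
import zlib

# PDF keys that introduce embedded JavaScript; names may hide letters as #xx escapes.
JS_KEYS = re.compile(rb"/(?:JavaScript|JS)\b")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
# The method named in the advisory, e.g. this.mailDoc(...).
MAILDOC = re.compile(rb"\bmailDoc\s*\(")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def inflate(data: bytes) -> bytes:
    """Best-effort FlateDecode; returns b'' when the stream is not zlib data."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return b""


def triage_pdf(raw: bytes) -> dict:
    """Classify a PDF by embedded JavaScript and use of mailDoc()."""
    # Inspect the raw bytes plus every stream body that inflates cleanly.
    views = [raw] + [inflate(m.group(1)) for m in STREAM.finditer(raw)]
    # Undo #xx name escapes so "/J#53" is seen as "/JS".
    views = [HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), v) for v in views]
    has_js = any(JS_KEYS.search(v) for v in views)
    calls_maildoc = any(MAILDOC.search(v) for v in views)
    # Verdict names are this example's own (assumption), not a product setting.
    verdict = "quarantine" if calls_maildoc else "review" if has_js else "pass"
    return {"has_js": has_js, "calls_maildoc": calls_maildoc, "verdict": verdict}


def sample_pdf(js: bytes, compress: bool = False) -> bytes:
    """Constructed, minimal PDF-like test input (not a real-world sample)."""
    body = zlib.compress(js) if compress else js
    flt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.7\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< " + flt + b"/Length " + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage_pdf(sample_pdf(b"this.mailDoc();", compress=True)))
    print(triage_pdf(sample_pdf(b"app.alert('hi');")))
    print(triage_pdf(b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"))
```

This is a heuristic pre-filter: scripts under other stream filters, in encrypted documents, or encoded as UTF-16 or hex strings are not decoded, so a pass verdict does not replace patching or disabling JavaScript in the viewer.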
