Critical Zero-Day Flaws in PDF Software Risk Data Exposure

Critical Zero-Day Flaws in PDF Software Risk Data Exposure

Posted on By CWS

Significant security vulnerabilities have been uncovered in popular PDF platforms, posing a serious risk to enterprises globally. A total of 16 zero-day flaws, including critical OS Command Injection, DOM-based XSS, SSRF, and Path Traversal vulnerabilities, have been identified in Apryse WebViewer and Foxit PDF cloud services.

Details of the Discovered Vulnerabilities

The vulnerabilities were disclosed by Novee Security, which utilized a combination of AI and human expertise to identify these risks in widely used PDF platforms. The flawed systems affect millions of users, making it crucial for enterprises to address these security gaps immediately.

Both Apryse and Foxit were informed of these vulnerabilities under a responsible disclosure process, allowing them to release patches and mitigations before publicizing the issues.

Research Methodology and Vulnerability Impact

Apryse WebViewer’s architecture, which includes a React-based UI, a JavaScript/WebAssembly document engine, and a server-side SDK, was found to have significant trust boundary failures. These inadequacies in input validation were the root cause of the vulnerabilities.

Novee Security’s approach involved a blend of human intelligence and AI agents. The process included identifying vulnerability patterns and encoding these into agents designed to systematically explore and exploit these issues across the platform.

Particularly concerning is the Critical OS Command Injection vulnerability (CVSS 9.8) found in the Foxit PDF SDK for Web, allowing full remote code execution with a single POST request.

Specific Vulnerabilities and Recommendations

Among the vulnerabilities, an SSRF issue in Apryse WebViewer’s server-side iFrame rendering allows unauthorized content rendering, posing a network security risk. Apryse’s uiConfig parameter flaw also enables Critical DOM XSS through unsanitized JSON data.

Furthermore, a high-severity Path Traversal flaw in Foxit’s Collaboration Add-on permits unauthorized directory access. Multiple stored XSS vulnerabilities were also identified across Foxit’s platform.

Enterprises using Apryse WebViewer or Foxit PDF SDK for Web are urged to apply the available patches promptly. Additionally, conducting a thorough audit of their systems, particularly focusing on input validation protocols, is recommended to prevent exploitation of these vulnerabilities.

Implementing strict Content-Security-Policy and postMessage origin validation is also advised to enhance security across PDF components.

Stay updated with the latest cybersecurity developments by following us on Google News, LinkedIn, and X.

Cyber Security News Tags:, , , , , , , , , , , , ,

Related Posts

Microsoft Defender for Endpoint Bug Triggers Numerous False BIOS Alerts Microsoft Defender for Endpoint Bug Triggers Numerous False BIOS Alerts Cyber Security News
Louis Vuitton Hacked – Attackers Stolen Customers Personal Data Louis Vuitton Hacked – Attackers Stolen Customers Personal Data Cyber Security News
Microsoft Teams Issue Blocks Users From Opening Embedded Office Documents Microsoft Teams Issue Blocks Users From Opening Embedded Office Documents Cyber Security News
Critical Dolby Codec Vulnerability Exposes Android Devices to Code Execution Attacks Critical Dolby Codec Vulnerability Exposes Android Devices to Code Execution Attacks Cyber Security News
Top Log Monitoring Tools to Watch in 2026 Top Log Monitoring Tools to Watch in 2026 Cyber Security News
Hackers Exploited 73 0-Day Vulnerabilities and Earned ,024,750 Hackers Exploited 73 0-Day Vulnerabilities and Earned $1,024,750 Cyber Security News