CVE-2025-43903 MEDIUM

Vendor Freedesktop
Product Poppler
Weakness CWE-347
Published April 18, 2025
Last update April 21, 2025

CVSS base score

4.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01 Description

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

Key dates

02 Disclosure timeline

April 18, 2025 CVE published
April 21, 2025 Record updated