CVE-2025-15569

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.

CVSS v3 7.0 HIGH
CVSS v2.0 6.0 MEDIUM

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 1.5 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://artifex.com/
https://casper.mupdf.com/downloads/archive/mupdf-1.26.2-windows.zip
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=ebb125334eb007d64e579204af3c264aadf2e244
https://vuldb.com/?ctiid.344924
https://vuldb.com/?id.344924
https://vuldb.com/?submit.750978

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado un fallo en Artifex MuPDF hasta la versión 1.26.1 en Windows. El elemento afectado es la función get_system_dpi del archivo platform/x11/win_main.c. Esta manipulación provoca una ruta de búsqueda incontrolada. El ataque requiere acceso local. Se considera que el ataque tiene alta complejidad. La explotabilidad se considera difícil. Actualizar a la versión 1.26.2 es suficiente para resolver este problema. Nombre del parche: ebb125334eb007d64e579204af3c264aadf2e244. Se recomienda actualizar el componente afectado.

10 Feb 2026, 11:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-10 11:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-15569

Mitre link : CVE-2025-15569

CVE.ORG link : CVE-2025-15569

JSON object : View

Products Affected

No product.

CWE

CWE-426

Untrusted Search Path

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2025-15569", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 1.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-10T11:16:10.897", "references": [{"url": "https://artifex.com/", "source": "cna@vuldb.com"}, {"url": "https://casper.mupdf.com/downloads/archive/mupdf-1.26.2-windows.zip", "source": "cna@vuldb.com"}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=ebb125334eb007d64e579204af3c264aadf2e244", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.344924", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.344924", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.750978", "source": "cna@vuldb.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-426"}, {"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended."}, {"lang": "es", "value": "Se ha encontrado un fallo en Artifex MuPDF hasta la versi\u00f3n 1.26.1 en Windows. El elemento afectado es la funci\u00f3n get_system_dpi del archivo platform/x11/win_main.c. Esta manipulaci\u00f3n provoca una ruta de b\u00fasqueda incontrolada. El ataque requiere acceso local. Se considera que el ataque tiene alta complejidad. La explotabilidad se considera dif\u00edcil. Actualizar a la versi\u00f3n 1.26.2 es suficiente para resolver este problema. Nombre del parche: ebb125334eb007d64e579204af3c264aadf2e244. Se recomienda actualizar el componente afectado."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cna@vuldb.com"}