Home / Vulnerability Intelligence / CVE-2025-69627

CVE-2025-69627 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: April 14, 2026

Nitro PDF Pro - Use After Free

Published: April 13, 2026Updated: April 14, 2026

Overview

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability caused by premature freeing of an internal XID object in this.mailDoc() JavaScript method, letting attackers cause crashes or access violations, exploit requires crafted JavaScript.

Severity & Score

Severity: High

CVSS Score: 8.4

Impact

Attackers can cause application crashes or access violations, leading to denial of service or potential memory corruption.

Mitigation

Update to the latest version of Nitro PDF Pro for Windows.

References

http://nitro.com
https://jeroscope.com/advisories/2025/jero-2025-016/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-69627
Severity: High
CVSS Score: 8.4
Type: use_after_free
Status: new

CWE

CWE-416

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H