CVE-2025-54869

Vulnerability Description

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.

Related Weaknesses (CWE)

References

• https://github.com/Setasign/FPDI/commit/ba671ba9221cffd32c2dda87316c19f522a1c5f0
• https://github.com/Setasign/FPDI/security/advisories/GHSA-jxhh-4648-vpp3

FAQ

What is CVE-2025-54869?

CVE-2025-54869 is a documented vulnerability. FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to proces...

How severe is CVE-2025-54869?

CVSS scoring is not yet available for CVE-2025-54869. Check NVD for updates.

Is there a patch for CVE-2025-54869?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.