{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25880", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-06T21:08:39.129Z", "datePublished": "2026-02-09T21:10:59.964Z", "dateUpdated": "2026-02-10T15:58:14.407Z"}, "containers": {"cna": {"title": "Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows)", "problemTypes": [{"descriptions": [{"cweId": "CWE-426", "lang": "en", "description": "CWE-426: Untrusted Search Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-5x4h-247q-px37", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-5x4h-247q-px37"}], "affected": [{"vendor": "sumatrapdfreader", "product": "sumatrapdf", "versions": [{"version": "<= 3.5.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-09T21:10:59.964Z"}, "descriptions": [{"lang": "en", "value": "SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File \u2192 \u201cShow in folder\u201d. This behavior leads to arbitrary code execution on the victim\u2019s system with the privileges of the current user, without any warning or user interaction beyond the menu click."}], "source": {"advisory": "GHSA-5x4h-247q-px37", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T15:32:06.285596Z", "id": "CVE-2026-25880", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:58:14.407Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25880", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-10T15:32:06.285596Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:32:07.012Z"}}], "cna": {"title": "Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows)", "source": {"advisory": "GHSA-5x4h-247q-px37", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "sumatrapdfreader", "product": "sumatrapdf", "versions": [{"status": "affected", "version": "<= 3.5.2"}]}], "references": [{"url": "https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-5x4h-247q-px37", "name": "https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-5x4h-247q-px37", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File \u2192 \u201cShow in folder\u201d. This behavior leads to arbitrary code execution on the victim\u2019s system with the privileges of the current user, without any warning or user interaction beyond the menu click."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "CWE-426: Untrusted Search Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-09T21:10:59.964Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25880", "state": "PUBLISHED", "dateUpdated": "2026-02-10T15:58:14.407Z", "dateReserved": "2026-02-06T21:08:39.129Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-09T21:10:59.964Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sumatrapdfreader:sumatrapdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D48C2C6-E8BC-471E-B59A-236F038EBC0C", "versionEndIncluding": "3.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File \u2192 \u201cShow in folder\u201d. This behavior leads to arbitrary code execution on the victim\u2019s system with the privileges of the current user, without any warning or user interaction beyond the menu click."}, {"lang": "es", "value": "SumatraPDF es un lector multiformato para Windows. En la versi\u00f3n 3.5.2 y anteriores, el lector de PDF permite la ejecuci\u00f3n de un binario malicioso (explorer.exe) ubicado en el mismo directorio que el PDF abierto cuando el usuario hace clic en Archivo ? 'Mostrar en carpeta'. Este comportamiento conduce a la ejecuci\u00f3n de c\u00f3digo arbitrario en el sistema de la v\u00edctima con los privilegios del usuario actual, sin ninguna advertencia ni interacci\u00f3n del usuario m\u00e1s all\u00e1 del clic en el men\u00fa."}], "id": "CVE-2026-25880", "lastModified": "2026-02-23T18:14:13.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-09T22:16:03.267", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-5x4h-247q-px37"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.5.2]"}}], "product": "sumatrapdf", "vendor": "sumatrapdfreader"}], "analysis": {"en": {"generated_at": "2026-04-17T21:10:16.347251+00:00", "value": {"mitigation_remediation": ["Upgrade SumatraPDF to a patched version (3.5.3 or later) released by the vendor.", "If an update cannot be applied immediately, enforce execution restrictions on the directories used by SumatraPDF\u2014for example, apply NTFS ACLs or AppLocker rules that block execution of binaries from those folders.", "Disable or avoid the \u2018Show in folder\u2019 menu option, or train users to refrain from using it so that no unintended executables are launched."], "summary": {"action": "Patch Now", "impact": "Arbitrary code execution"}, "threat_synthesis": {"affected_systems": "Windows users who run SumatraPDF Reader version\u00a03.5.2 or earlier are impacted; no other vendors or products are known to be affected.", "description_and_impact": "SumatraPDF versions 3.5.2 and earlier allow a malicious binary that resides in the same directory as an opened PDF to be executed when the user selects File \u2192\u00a0\u2018Show\u00a0in\u00a0folder\u2019. The application therefore launches the binary (in this case explorer.exe) without warning or further user interaction, giving the process the privileges of the current user and enabling arbitrary code execution.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.8, indicating high severity, while its EPSS score is below 1%, implying a low current exploitation probability. The exploit requires a local user to open a PDF and click the menu item, and an attacker must place a malicious executable next to the PDF; because of these prerequisites the threat is moderate, but the potential impact is critical."}}}}, "created": "2026-02-10T11:35:05.693740+00:00", "updated": "2026-04-17T21:15:27.383880+00:00", "vendors": ["sumatrapdfreader", "sumatrapdfreader$PRODUCT$sumatrapdf"]}