Back to CVE List

CVE-2026-25925

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.8 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Description

PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-502
Source
NVD
Vendor
modery
Product
PowerDocu

External References

Discussion (0)

Add Comment

No comments yet. Be the first!