CVE-2025-65875

CVE-2025-65875 : Concrete details across sources show an arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier. The root cause is that crafted PHP files can be uploaded, enabling arbitrary code execution. Affected component: FPDF library (FPDF AddFont). Impact is...

FPDF 安全漏洞

FPDF is a PDF file generation tool developed by Setasign GmbH & Co. KG. Versions of FPDF prior to 1.86 contain security vulnerabilities; these vulnerabilities stem from the AddFont function, which allows arbitrary file uploads, potentially enabling the execution of arbitrary code...

CVE-2025-65875

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2025-65875

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2025-65875

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

PT-2026-5950

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the loadFile, addImage, html and addFont functions. An attacker can access and include arbitrary files from the local file system into generated PDFs. Workaround This vulnerability can be...

jsPDF has Local File Inclusion/Path Traversal vulnerability

Impact User control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node proce...