CVE-2025-43903

CWE-347 | 7 documents | 7 sources
Severity
3.3 LOW
EPSS
0.0%
top 87.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 18
Latest update: Apr 29

Description

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 2.5 | Impact: 1.4

Affected Packages (3 packages)

CVEListV5 | freedesktop/poppler | < 25.04.0
NVD | freedesktop/poppler | < 25.04.0
Debian | poppler | < 25.03.0-4+1

Patches

🔴 Vulnerability Details (3)

OSV | CVE-2025-43903: NSSCryptoSignBackend | 2025-04-18
CVEList | CVE-2025-43903: NSSCryptoSignBackend | 2025-04-18
GHSA | GHSA-4w9g-4h2x-7qxq: NSSCryptoSignBackend | 2025-04-18

📋 Vendor Advisories (3)

Ubuntu | poppler vulnerabilities | 2025-04-29
Red Hat | poppler: SignatureValue not checked within SignerInfo | 2025-04-18
Debian | CVE-2025-43903: poppler - NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7... | 2025
CVE-2025-43903 (LOW CVSS 3.3) | NSSCryptoSignBackend.cc in Poppler | cvebase.io