Primary

Context

Soda PDF Desktop Remote Code Execution Vulnerability Due to Insufficient UI Warning in Launch Action

Vulnerability

A remote code execution vulnerability has been identified in Soda PDF Desktop. This issue arises from the Launch action's implementation, which allows the execution of potentially harmful scripts without adequate user notification. Exploitation of this vulnerability requires user interaction, as the target must open a malicious file or visit a harmful webpage. Once exploited, the arbitrary code is executed in the context of the user.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system, with the executed code running under the current user's privileges.

Remediation

Given the nature of this vulnerability, the recommended mitigation strategy is to limit interactions with the affected product.

Added: Dec 23, 2025, 10:35 PM

Updated: Dec 23, 2025, 10:35 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

10.0

exploitability

4.4

remediation

7.9

relevance

1.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

10.0

exploitability

4.4

remediation

7.9

relevance

1.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Soda PDF Desktop Remote Code Execution Vulnerability Due to Insufficient UI Warning in Launch Action

Vulnerability

Impact

Remediation

Affected Products

Soda PDF Desktop

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating