{
  "threat_severity" : "Important",
  "public_date" : "2026-02-19T14:41:46Z",
  "bugzilla" : {
    "description" : "jsPDF: PDF object injection via unsanitized input in addJS method",
    "id" : "2440993",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2440993"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-94",
  "details" : [ "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method.", "A flaw was found in jsPDF. The addJS method accepts user input without proper sanitization, allowing an attacker to inject arbitrary PDF objects into the document. A specially crafted payload that escapes the JavaScript string delimiter can execute malicious actions or alter the document structure, resulting in arbitrary code execution when a user opens a PDF with a viewer that supports embedded scripts." ],
  "statement" : "To exploit this flaw, an attacker must be able to supply a specially crafted payload to the application using the addJS method and convince a user to open the generated PDF document with a viewer that supports embedded scripts. Due to these reasons, this vulnerability has been rated with an important severity.",
  "affected_release" : [ {
    "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.8",
    "release_date" : "2026-04-08T00:00:00Z",
    "advisory" : "RHSA-2026:7110",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8",
    "package" : "advanced-cluster-security/rhacs-main-rhel8:sha256:5533b87f5a3c9df67608236393d31507dd2b1f0af0ca787997f9dfed44222d9d"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9",
    "release_date" : "2026-04-08T00:00:00Z",
    "advisory" : "RHSA-2026:7128",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8",
    "package" : "advanced-cluster-security/rhacs-main-rhel8:sha256:433c4926f5a93402642d459c627a1ecf65e101a42bcce4042c36858205b93be9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-25755\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25755\nhttps://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md\nhttps://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437\nhttps://github.com/parallax/jsPDF/releases/tag/v4.2.0\nhttps://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp" ],
  "name" : "CVE-2026-25755",
  "mitigation" : {
    "value" : "To mitigate this vulnerability, sanitize the user-provided JavaScript code before passing it to the addJS method by strictly escaping backslashes and parentheses. Additionally, do not open PDF documents from untrusted sources.",
    "lang" : "en:us"
  },
  "csaw" : false
}