CVE-2025-43903: Medium severity poppler data vulnerability
Published Apr 18, 2025
·Updated
Last updated 30 April 2025
Other sources
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
— NVD
Affected Software
3 affected componentsFixes available
Poppler Poppler<25.04.0
debian/poppler<=20.09.0-3.1+deb11u1, <=20.09.0-3.1+deb11u2, <=22.12.0-2
25.03.0-4
Freedesktop poppler<25.04.0
Remediation
Event History
Apr 18, 2025
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
DescriptionSeverityWeakness
Data Sourced
via NVD·09:15 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·09:15 PM
RemedyAffected Software
May 4, 2025
Data Sourced
via Ubuntu·05:35 PM
RemedyDescriptionSeverityAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-43903?
CVE-2025-43903 has a severity rating indicating a medium risk of signature forgeries due to improper verification of signatures.
2
How do I fix CVE-2025-43903?
To fix CVE-2025-43903, it is recommended to upgrade Poppler to version 25.04.0 or later.
3
What impact does CVE-2025-43903 have on document security?
CVE-2025-43903 allows potential attackers to forge document signatures, compromising document integrity.
4
Which versions of Poppler are affected by CVE-2025-43903?
Poppler versions prior to 25.04.0 are affected by CVE-2025-43903.
5
Where can I find more information about CVE-2025-43903?
Further details about CVE-2025-43903 can be found in the commit history and security advisories related to Poppler.