CVE-2025-15569

low-risk

Published 2026-02-10

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

References (6)

https://artifex.com/

https://casper.mupdf.com/downloads/archive/mupdf-1.26.2-windows.zip

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=ebb125334eb00...

https://vuldb.com/?ctiid.344924

https://vuldb.com/?id.344924

https://vuldb.com/?submit.750978

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal