CVE-2026-25925 (GCVE-0-2026-25925)

Vulnerability from cvelistv5 – Published: 2026-02-09 21:59 – Updated: 2026-02-11 21:22
VLAI
Title
PowerDocu Affected by Remote Code Execution via Insecure Deserialization
Summary
PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0.
Severity
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Vendor Product Version
modery PowerDocu Affected: < 2.4.0
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25925",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T21:22:37.654118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T21:22:45.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PowerDocu",
          "vendor": "modery",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T21:59:08.335Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/modery/PowerDocu/security/advisories/GHSA-m8j2-5jr7-2jpw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/modery/PowerDocu/security/advisories/GHSA-m8j2-5jr7-2jpw"
        },
        {
          "name": "https://github.com/modery/PowerDocu/releases/tag/v-2.4.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/modery/PowerDocu/releases/tag/v-2.4.0"
        }
      ],
      "source": {
        "advisory": "GHSA-m8j2-5jr7-2jpw",
        "discovery": "UNKNOWN"
      },
      "title": "PowerDocu Affected by Remote Code Execution via Insecure Deserialization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25925",
    "datePublished": "2026-02-09T21:59:08.335Z",
    "dateReserved": "2026-02-09T16:22:17.785Z",
    "dateUpdated": "2026-02-11T21:22:45.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-25925",
      "date": "2026-06-15",
      "epss": "0.00274",
      "percentile": "0.18895"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-25925\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-09T22:16:04.607\",\"lastModified\":\"2026-02-28T00:13:57.360\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0.\"},{\"lang\":\"es\",\"value\":\"PowerDocu contiene un ejecutable GUI de Windows para realizar documentaciones t\u00e9cnicas. Antes de la versi\u00f3n 2.4.0, PowerDocu conten\u00eda una vulnerabilidad de seguridad cr\u00edtica en la forma en que analiza los archivos JSON dentro de paquetes de Flow o de aplicaciones. La aplicaci\u00f3n conf\u00eda ciegamente en la propiedad $type en los archivos JSON, permitiendo a un atacante instanciar objetos .NET arbitrarios y ejecutar c\u00f3digo. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 2.4.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:modery:powerdocu:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.0\",\"matchCriteriaId\":\"72BD01ED-2860-4AA0-B857-EFD869020F19\"}]}]}],\"references\":[{\"url\":\"https://github.com/modery/PowerDocu/releases/tag/v-2.4.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/modery/PowerDocu/security/advisories/GHSA-m8j2-5jr7-2jpw\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25925\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-11T21:22:37.654118Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-11T21:22:42.755Z\"}}], \"cna\": {\"title\": \"PowerDocu Affected by Remote Code Execution via Insecure Deserialization\", \"source\": {\"advisory\": \"GHSA-m8j2-5jr7-2jpw\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"modery\", \"product\": \"PowerDocu\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.4.0\"}]}], \"references\": [{\"url\": \"https://github.com/modery/PowerDocu/security/advisories/GHSA-m8j2-5jr7-2jpw\", \"name\": \"https://github.com/modery/PowerDocu/security/advisories/GHSA-m8j2-5jr7-2jpw\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/modery/PowerDocu/releases/tag/v-2.4.0\", \"name\": \"https://github.com/modery/PowerDocu/releases/tag/v-2.4.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502: Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-09T21:59:08.335Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-25925\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-11T21:22:45.286Z\", \"dateReserved\": \"2026-02-09T16:22:17.785Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-09T21:59:08.335Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.