Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2026-25925

Good to know:

icon
icon

Date: February 9, 2026

PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0.

Severity Score

Related Resources (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-25925
https://github.com/modery/PowerDocu/releases/tag/v-2.4.0
https://github.com/modery/PowerDocu/security/advisories/GHSA-m8j2-5jr7-2jpw
https://www.mend.io/vulnerability-database/CVE-2026-25925

Severity Score

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/modery/PowerDocu.git - v-2.4.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us