National Cyber Warfare Foundation (NCWF)

Critical jsPDF Vulnerability Enables Arbitrary File Read in Node.js (CVE-2025-68428)

0 user ratings

2026-01-13 03:54:10
milo
Blue Team (CND)

In January 2026, a critical security vulnerability was disclosed in jsPDF, a popular JavaScript library used to generate PDF documents. The issue, tracked as CVE-2025-68428, affects server-side Node.js deployments of jsPDF prior to version 4.0.0 and has been assigned a CVSS score of 9.2. The vulnerability is a path traversal issue that can be abused…

The post Critical jsPDF Vulnerability Enables Arbitrary File Read in Node.js (CVE-2025-68428) appeared first on Sentrium Security.

The post Critical jsPDF Vulnerability Enables Arbitrary File Read in Node.js (CVE-2025-68428) appeared first on Security Boulevard.

Theklis Stefani

Source: Security Boulevard
Source Link: https://securityboulevard.com/2026/01/critical-jspdf-vulnerability-enables-arbitrary-file-read-in-node-js-cve-2025-68428/

Comments	new comment
Nobody has commented yet. Will you be the first?

Forum

Blue Team (CND)

Critical jsPDF Vulnerability Enables Arbitrary File Read in Node.js (CVE-2025-68428)

Comments