CVE-2025-54869: FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service
(updated )
This is a significant Denial of Service (DoS) vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability.
References
Code Behaviors & Features
Detect and mitigate CVE-2025-54869 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →