CVE-2026-25925 – PowerDocu Affected by Remote Code Execution via Insecure Deserialization

CVE ID : CVE-2026-25925

Published : Feb. 9, 2026, 9:59 p.m. | 22 minutes ago

Description : PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…