Modern PDF platforms can now function as full attack gateways rather than passive document viewers.

That’s according to a new report out today from artificial intelligence offensive security startup Novee Cyber Security Ltd., which identifies 16 exploitable vulnerabilities across two widely deployed PDF ecosystems, Foxit Software Inc. and Apryse Software Inc.

The report warns that PDF viewers are inheriting complex trust-boundary and dataflow risks typically associated with web applications. In several cases, opening a malicious document or visiting a crafted URL was sufficient to trigger code execution or data exposure without exploiting the browser or operating system. The vulnerabilities were found to span client-side viewers, embedded plugins and server-side PDF services.

The issues include document object model or DOM-based cross-site scripting through remote configuration and message handlers, server-side request forgery with data exfiltration channels, path traversal in backend collaboration services, and operating system command injection within PDF software development kit components.

Many of the weaknesses found by Novee’s researchers stem from how untrusted input from PDFs, web addresses or messages propagates across JavaScript engines, WebAssembly components, cross-origin iframes and backend rendering services without consistent validation.

Novee describes the attack chains as moving from an initial document, URL or embedded message through client-side state, iframe boundaries or postMessage handlers into high-risk sinks such as DOM rendering, internal network requests, filesystem access or operating system command execution.

In multiple scenarios, a single malicious PDF or crafted link was found to be enough to achieve exploitation under a trusted origin or back-end service, expanding the impact beyond document rendering to account takeover, persistent cross-user compromise or back-end remote code execution.

The research methodology used by the researchers centered on a multi-agent large language model system designed to generalize trust-boundary failures from a small set of confirmed vulnerabilities. One agent was found to enumerate high-impact sinks and traced backward to build source-to-sink chains. Another resolved dynamic code paths that static tools could not verify. A third converted confirmed chains into working proof-of-concept exploits.

The vulnerabilities detailed in the report were disclosed before publication following responsible a disclosure process, with remediation efforts conducted alongside affected vendors.

“As document platforms grow more powerful, they also become more dangerous when trust assumptions fail,” note the report’s authors. “The findings show how easily a familiar, widely trusted component can turn into a foothold for full system compromise. For attackers, PDFs are no longer just files. They are execution paths.”

Image: SiliconANGLE/Ideogram