CVE-2026-25925
HIGH WAF: Medium
CVSS 7.8
Published: 2026-02-09
CWE-502
PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0.
WAF Coverage Analysis
Insecure Deserialization
Medium WAF Coverage
OWASP: A08:2021 Software and Data Integrity Failures
944xxx - Java Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| modery | powerdocu | up to 2.4.0 |
References
- github.com (Product, Release Notes)
- github.com (Exploit, Mitigation, Vendor Advisory)