Bitwarden PDF File Handler Vulnerability Let Attackers Upload Malicious PDF Files

[Shane1145]

A critical cross-site scripting (XSS) vulnerability has been discovered in the popular password manager Bitwarden, affecting versions up to 2.25.1.

The security flaw, designated as CVE-2025-5138, resides in the PDF File Handler component and allows attackers to upload malicious PDF files that can execute arbitrary code when viewed by users.

https://cybersecuritynews.com/bitwarden ... erability/