A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-7620, has been discovered in a cross-browser document creation component used in multiple products from The (Digitware System Integration Corporation). This high-severity flaw can be exploited by an unauthenticated remote attacker to gain complete control over an affected system. Successful exploitation could lead to significant data breaches, system compromise, and widespread service disruption.

The vulnerability exists within the cross-browser document creation component developed by Digitware System Integration Corporation. An attacker can exploit this flaw by sending a specially crafted document or data stream to the vulnerable component. When the application processes this malicious input, it triggers an error that allows the attacker's arbitrary code to be executed on the server with the permissions of the running application, leading to a full system compromise. The attack can be launched over the network and does not require authentication or user interaction.

This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. A successful exploit grants an attacker full control over the affected server, directly impacting confidentiality, integrity, and availability. Potential consequences include theft of sensitive corporate or customer data, installation of ransomware, destruction of critical information, and using the compromised system as a pivot point to attack other internal network resources. The business could face severe financial loss, regulatory fines, reputational damage, and loss of customer trust.

Immediate Action: Per vendor guidance, organizations must apply the released security patches immediately, prioritizing all internet-facing systems. After patching, it is crucial to review system and application access logs for any signs of compromise that may have occurred prior to remediation.

Proactive Monitoring: Security teams should actively monitor for any signs of exploitation. This includes looking for unusual processes spawned by the application's service account, unexpected outbound network connections from affected servers, and anomalies or error messages in application logs related to document processing. Intrusion Detection Systems (IDS) and Web Application Firewalls (WAF) should be updated with signatures to detect and block attempts to exploit this vulnerability.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Restrict network access to the vulnerable application component to only trusted IP ranges.
• Deploy a Web Application Firewall (WAF) with virtual patching rules to inspect and block malicious payloads targeting the document creation function.
• Ensure the application is running under a service account with the least possible privileges to limit the impact of a potential compromise.

Public Exploit Available: False

This vulnerability represents a critical threat to the organization and must be addressed with the highest priority. The potential for unauthenticated remote code execution on internet-facing systems necessitates immediate action. We strongly recommend adhering to the remediation plan by applying vendor patches to all affected systems without delay, starting with external-facing assets. If patching is delayed for any reason, compensating controls must be implemented immediately to mitigate the significant risk of compromise.