Bitwarden

A cross-site scripting (XSS) vulnerability, designated CVE-2025-5138, has been reported in Bitwarden, affecting versions up to 2.25.1. The flaw is said to reside in the PDF File Handler component: an attacker who can upload a crafted PDF gets script executed in the browser session of any user who views it, which is why the concern is session hijacking, credential theft and unauthorized actions in the victim's vault rather than code execution on the host. According to the report, Bitwarden had not responded to the disclosure at the time of writing, leaving users potentially exposed to remote attacks. The vulnerability carries a CVSS v3.1 base score of 3.5, which falls in the Low band (0.1 to 3.9) of that scale, so the "critical" label in the original headline is not supported by the score; treat the severity as unconfirmed until the vendor or a reproducible analysis says otherwise. The source article recommends replacing Bitwarden with an alternative solution until a fix is available.

Source: https://cybersecuritynews.com/bitwarden-pdf-file-handler-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/bitwarden

{
  "id": "bit135052625",
  "linkid": "bitwarden",
  "type": "Vulnerability",
  "date": "5/2025",
  "severity": "25",
  "impact": "",
  "explanation": "Attack without any consequences: Attack in which data is not compromised"
}
{'affected_entities': [{'customers_affected': 'Millions of users',
                        'industry': 'Password Management',
                        'name': 'Bitwarden',
                        'type': 'Software Company'}],
 'attack_vector': 'Malicious PDF upload and execution',
 'data_breach': {'file_types_exposed': 'PDF files'},
 'description': 'A cross-site scripting (XSS) vulnerability, designated '
                'CVE-2025-5138, has been reported in the popular password '
                'manager Bitwarden, affecting versions up to 2.25.1. The flaw '
                'is said to reside in the PDF File Handler component and to '
                'allow attackers to upload malicious PDF files whose embedded '
                'script runs in the browser session of a user who views them. '
                'Despite early notification to the vendor, Bitwarden had not '
                'responded to the disclosure at the time of the report, '
                'leaving users potentially vulnerable to remote attacks.',
 'impact': {'brand_reputation_impact': "Concerns about Bitwarden's incident "
                                       'response procedures',
            'data_compromised': 'Potential theft of sensitive information from '
                                "users' vaults",
            'systems_affected': 'Bitwarden versions ≤ 2.25.1 (PDF File Handler '
                                'component)'},
 'initial_access_broker': {'entry_point': 'PDF File Handler component'},
 'lessons_learned': 'Implement strict file upload validation, content security '
                    'policies, and regular security assessments to prevent '
                    'such vulnerabilities from compromising password '
                    'management infrastructure.',
 'motivation': ['Session hijacking',
                'Credential theft',
                'Unauthorized actions'],
 'post_incident_analysis': {'root_causes': 'Insufficient file type '
                                           'restrictions in Bitwarden’s '
                                           'Resources upload feature'},
 'recommendations': 'Organizations using affected versions should consider '
                    'replacing Bitwarden with alternative password management '
                    'solutions until a fix becomes available. Users should '
                    'exercise extreme caution when opening PDF attachments '
                    'within their Bitwarden vaults and avoid clicking on '
                    'unknown PDF files shared through the platform.',
 'title': 'Bitwarden PDF XSS Vulnerability',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-5138'}
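The summary above and the root_causes and lessons_learned entries in this record describe the same failure: a file upload feature accepted a PDF without restriction and the file was later rendered where its script could run as the viewing user. The following is an added example written for this page in JavaScript (Node.js); it is not Bitwarden's code and not taken from the source article. It shows the two controls a practitioner would want on such an upload path: a server-side screen of the uploaded bytes for the PDF name objects that carry script or actions (/JavaScript, /JS, /OpenAction, /AA, /Launch and similar, including the `#xx` hex escape PDF allows inside names), and the response headers that serve any stored attachment as a download under a sandbox policy rather than as a document of the application's origin. The function names, the sample documents and the policy in `decideUpload` are all constructed for illustration.

```javascript
// Added example, not Bitwarden code: screen an uploaded "PDF" for the PDF
// features that carry script or launch actions, and build the response
// headers that stop a user-supplied file from running in the app's origin.
// Function names, policy and both sample documents are constructed here.

const PDF_MAGIC = Buffer.from('%PDF-');

// PDF name objects that can embed or trigger script/actions.
const RISKY_NAMES = [
  '/JavaScript', '/JS', '/OpenAction', '/AA', '/Launch',
  '/RichMedia', '/XFA', '/EmbeddedFile',
];

// A PDF name token ends at whitespace or a delimiter; any other character
// continues the name, so '/JS' must not match '/JSX'. Lookahead enforces it.
const NAME_END = '(?![^\\s<>\\[\\]()/%])';

function inspectPdfUpload(buf) {
  const result = { isPdf: false, risky: [], opaque: false };
  if (buf.length < PDF_MAGIC.length ||
      !buf.subarray(0, PDF_MAGIC.length).equals(PDF_MAGIC)) {
    return result; // not a PDF by magic bytes, whatever the extension says
  }
  result.isPdf = true;

  // latin1 maps each byte to one char; then undo the '#xx' hex escape that
  // PDF permits inside names ('/J#61vaScript' is the same name as '/JavaScript').
  const text = buf.toString('latin1')
    .replace(/#([0-9A-Fa-f]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));

  for (const name of RISKY_NAMES) {
    if (new RegExp('\\' + name + NAME_END).test(text)) result.risky.push(name);
  }
  // Object streams (/ObjStm) hold dictionaries in compressed form, where a
  // plain text scan cannot see them; report that the scan was not conclusive.
  result.opaque = new RegExp('/ObjStm' + NAME_END).test(text);
  return result;
}

// Headers for serving any user-uploaded attachment. The download disposition
// is the primary control: the browser never renders the file as a document of
// this origin, so script inside it has no session to steal. nosniff and the
// sandbox CSP are defence in depth for clients that render anyway.
function attachmentHeaders(filename, isPdf) {
  const safeName = filename.replace(/[^\w.-]/g, '_').slice(0, 128) || 'download';
  return {
    'Content-Type': isPdf ? 'application/pdf' : 'application/octet-stream',
    'Content-Disposition': `attachment; filename="${safeName}"`,
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "sandbox; default-src 'none'",
    'Cache-Control': 'no-store',
  };
}

// Constructed policy: reject uploads carrying script/action names; store the
// rest but only ever serve them as downloads. Opaque files are flagged so a
// stricter deployment can reject them too.
function decideUpload(buf, filename) {
  const r = inspectPdfUpload(buf);
  if (r.risky.length > 0) {
    return { accept: false, reason: `PDF contains ${r.risky.join(', ')}` };
  }
  return { accept: true, headers: attachmentHeaders(filename, r.isPdf), opaque: r.opaque };
}

// Constructed samples. SAMPLE_MALICIOUS spells /JavaScript with a '#61' escape
// and opens it through /OpenAction, which is why names are decoded first.
const SAMPLE_BENIGN = Buffer.from(
  '%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n' +
  '2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n' +
  'trailer\n<< /Root 1 0 R >>\n%%EOF\n', 'latin1');

const SAMPLE_MALICIOUS = Buffer.from(
  '%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n' +
  '2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n' +
  "3 0 obj\n<< /S /J#61vaScript /JS (app.alert('xss')) >>\nendobj\n" +
  'trailer\n<< /Root 1 0 R >>\n%%EOF\n', 'latin1');

console.log(decideUpload(SAMPLE_BENIGN, 'report.pdf'));
console.log(decideUpload(SAMPLE_MALICIOUS, 'invoice.pdf'));
```

The text scan is a screen, not a parser: names hidden inside compressed object streams are invisible to it, which is why `opaque` is reported separately and why the headers, not the scan, are the control that actually removes the XSS path. If the product must render PDFs inline, the render should happen on a separate origin that holds no session cookies or tokens for the vault.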