Path Traversal in Parallax Jspdf

CVE-2025-68428

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsaniti…

EPSS: 0.000 (9.1th percentile)

Frequently asked questions

What is CVE-2025-68428?
CVE-2025-68428 is a vulnerability in Parallax Jspdf, classified under Path Traversal: '.../...//'. Published 2026-01-05.

Is CVE-2025-68428 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.