PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0.
{
"cwe_ids": [
"CWE-502"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25925.json",
"cna_assigner": "GitHub_M"
}{
"cpe": "cpe:2.3:a:modery:powerdocu:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.4.0"
}
],
"source": [
"AFFECTED_FIELD",
"CPE_RANGE",
"REFERENCES"
]
}