Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments | CSO Online

A critical jsPDF vulnerability (CVE-2025-68428) in Node.js deployments allowed attackers to read arbitrary files and embed them into PDFs. The path traversal bug, affecting versions 3.0.4 and earlier, has been fixed in version 4.0.0, but patching may require more than a simple version update due to Node.js permission mode complexities.

Edward Kiledjian @ekiledjian
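
A version check for the affected range described above, as an added example that is not code from the article or from the jsPDF project. It assumes an npm `package-lock.json` (lockfileVersion 2 or 3) that has already been parsed into an object; the sample lockfile and the package names `report-service`, `pdf-helper` and `jspdf-extras` are constructed for illustration.

```javascript
// Added example: flag jsPDF installs at or below the last affected version.
const LAST_AFFECTED = [3, 0, 4]; // from the text above: "3.0.4 and earlier"

// Parse "major.minor.patch" (ignoring any pre-release/build suffix) into numbers.
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  return m ? m.slice(1).map(Number) : null;
}

// True when version <= 3.0.4. Unparseable versions are reported as affected
// so they get a manual look rather than a silent pass.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 3.0.4
}

// Walk the "packages" map of a parsed package-lock.json and return every
// jspdf copy in the affected range, including copies nested under other
// dependencies that a top-level upgrade would not replace.
function findAffectedJsPdf(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/jspdf$/.test(path)) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile: a patched top-level copy, an old nested copy,
// and a similarly named (hypothetical) package that must not match.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "report-service", version: "1.0.0" },
    "node_modules/jspdf": { version: "4.0.0" },
    "node_modules/pdf-helper/node_modules/jspdf": { version: "3.0.4" },
    "node_modules/jspdf-extras": { version: "1.2.0" },
  },
};

console.log(findAffectedJsPdf(sampleLock));
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` to `findAffectedJsPdf`. It covers only the version side of remediation, which the summary above says may not be the whole fix.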