Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
26 vulnerabilities by Foxit Software Inc.
CVE-2026-3774 (GCVE-0-2026-3774)
Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:11
VLAI?
Title
Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
Summary
The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen.
Severity ?
4.7 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor |
Affected:
Versions 2025.3 and earlier
|
Credits
Titus Vollbracht, Sören Borgstedt, Christian Mainka, Vladislav Mladenov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:15:18.808122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:50:37.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Titus Vollbracht, S\u00f6ren Borgstedt, Christian Mainka, Vladislav Mladenov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script\u2011driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen."
}
],
"value": "The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script\u2011driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T02:11:11.364Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2026-3774",
"datePublished": "2026-04-01T01:40:39.223Z",
"dateReserved": "2026-03-08T03:42:24.474Z",
"dateUpdated": "2026-04-02T02:11:11.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3775 (GCVE-0-2026-3775)
Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:11
VLAI?
Title
Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Summary
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.
Severity ?
7.8 (High)
CWE
- CWE-427 - DLL Hijacking
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor |
Affected:
Versions 2025.3 and earlier
|
|||||||
|
|||||||||
Credits
Erik Egsgard of Field Effect working with TrendAI Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:16:37.847431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:50:46.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Erik Egsgard of Field Effect working with TrendAI Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application\u0027s update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low\u2011privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user\u2011writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution."
}
],
"value": "The application\u0027s update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low\u2011privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user\u2011writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary code execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: DLL Hijacking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T02:11:52.749Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2026-3775",
"datePublished": "2026-04-01T01:40:36.975Z",
"dateReserved": "2026-03-08T03:42:27.208Z",
"dateUpdated": "2026-04-02T02:11:52.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3776 (GCVE-0-2026-3776)
Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:12
VLAI?
Title
Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation
Summary
The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.
Severity ?
5.5 (Medium)
CWE
- CWE-476 - NULL pointer dereference
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor |
Affected:
Versions 2025.3 and earlier
Affected: Versions 14.0.2 and earlier Affected: Versions 13.2.2 and earlier |
|||||||
|
|||||||||
Credits
Suyue Guo from UCSB Seclab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:16:53.743286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:50:55.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.2 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.2 and earlier"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Suyue Guo from UCSB Seclab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service."
}
],
"value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T02:12:28.499Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2026-3776",
"datePublished": "2026-04-01T01:40:35.260Z",
"dateReserved": "2026-03-08T03:43:23.264Z",
"dateUpdated": "2026-04-02T02:12:28.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3780 (GCVE-0-2026-3780)
Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:14
VLAI?
Title
Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation
Summary
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.
Severity ?
7.3 (High)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Reader |
Affected:
Versions 2025.3 and earlier
|
|||||||
|
|||||||||
Credits
Kara Zaffarano
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:17:32.017921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:51:01.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.2 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kara Zaffarano"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application\u0027s installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation."
}
],
"value": "The application\u0027s installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary code execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T02:14:27.519Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2026-3780",
"datePublished": "2026-04-01T01:40:33.511Z",
"dateReserved": "2026-03-08T03:43:30.840Z",
"dateUpdated": "2026-04-02T02:14:27.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3778 (GCVE-0-2026-3778)
Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:13
VLAI?
Title
Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader
Summary
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.
Severity ?
6.2 (Medium)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor |
Affected:
Versions 2025.3 and earlier
Affected: Versions 14.0.2 and earlier Affected: Versions 13.2.2 and earlier |
|||||||
|
|||||||||
Credits
Suyue Guo from UCSB Seclab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:18:05.816279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:51:11.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.2 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.2 and earlier"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Suyue Guo from UCSB Seclab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes."
}
],
"value": "The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Stack overflow"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T02:13:28.588Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2026-3778",
"datePublished": "2026-04-01T01:40:31.681Z",
"dateReserved": "2026-03-08T03:43:26.764Z",
"dateUpdated": "2026-04-02T02:13:28.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3779 (GCVE-0-2026-3779)
Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:14
VLAI?
Title
Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability
Summary
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor |
Affected:
Versions 2025.3 and earlier
Affected: Versions 14.0.2 and earlier Affected: Versions 13.2.2 and earlier |
|||||||
|
|||||||||
Credits
KPC of Cisco Talos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-01T03:06:18.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:18:37.648755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:51:18.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.2 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.2 and earlier"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "KPC of Cisco Talos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application\u0027s list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution."
}
],
"value": "The application\u0027s list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary code execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use after free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T02:14:05.708Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2026-3779",
"datePublished": "2026-04-01T01:40:29.712Z",
"dateReserved": "2026-03-08T03:43:28.979Z",
"dateUpdated": "2026-04-02T02:14:05.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3777 (GCVE-0-2026-3777)
Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:12
VLAI?
Title
Use after free of view cache in Foxit PDF Editor/Reader
Summary
The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution.
Severity ?
5.5 (Medium)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor |
Affected:
Versions 2025.3 and earlier
Affected: Versions 14.0.2 and earlier Affected: Versions 13.2.2 and earlier |
|||||||
|
|||||||||
Credits
Suyue Guo from UCSB Seclab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:19:00.361361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:51:25.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.2 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.2 and earlier"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.3 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Suyue Guo from UCSB Seclab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution."
}
],
"value": "The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary code execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use after free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T02:12:55.076Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use after free of view cache in Foxit PDF Editor/Reader",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2026-3777",
"datePublished": "2026-04-01T01:40:27.829Z",
"dateReserved": "2026-03-08T03:43:24.941Z",
"dateUpdated": "2026-04-02T02:12:55.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4947 (GCVE-0-2026-4947)
Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:15
VLAI?
Title
Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign
Summary
Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.
Severity ?
7.1 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | na1.foxitesign.foxit.com |
Affected:
before 2026-03-26
|
Credits
Vedant Roy of Ultimate Kronos Group(UKG)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:19:17.594576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:51:36.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "na1.foxitesign.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2026-03-26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vedant Roy of Ultimate Kronos Group(UKG)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing."
}
],
"value": "Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Horizontal Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T02:15:11.035Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2026-4947",
"datePublished": "2026-04-01T01:40:26.137Z",
"dateReserved": "2026-03-27T03:21:37.486Z",
"dateUpdated": "2026-04-02T02:15:11.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1592 (GCVE-0-2026-1592)
Vulnerability from cvelistv5 – Published: 2026-02-03 07:59 – Updated: 2026-02-04 16:09
VLAI?
Title
Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud
Summary
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced.
This issue affects pdfonline.foxit.com: before 2026‑02‑03.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | pdfonline.foxit.com |
Affected:
before 2026‑02‑03
|
Credits
Novee
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:09:30.096311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:09:38.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pdfonline.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2026\u201102\u201103"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Novee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFoxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects pdfonline.foxit.com: before 2026\u201102\u201103.\u003c/p\u003e"
}
],
"value": "Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced.\n\nThis issue affects pdfonline.foxit.com: before 2026\u201102\u201103."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary JavaScript execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T08:05:44.550Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2026-1592",
"datePublished": "2026-02-03T07:59:13.097Z",
"dateReserved": "2026-01-29T07:31:16.225Z",
"dateUpdated": "2026-02-04T16:09:38.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1591 (GCVE-0-2026-1591)
Vulnerability from cvelistv5 – Published: 2026-02-03 07:57 – Updated: 2026-02-03 18:47
VLAI?
Title
Stored XSS via Attachments Feature in https://pdfonline.foxit.com/
Summary
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.
This issue affects pdfonline.foxit.com: before 2026‑02‑03.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | pdfonline.foxit.com |
Affected:
before 2026‑02‑03
|
Credits
Novee
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T18:46:55.314220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T18:47:39.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pdfonline.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2026\u201102\u201103"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Novee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFoxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects pdfonline.foxit.com: before 2026\u201102\u201103.\u003c/p\u003e"
}
],
"value": "Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.\n\nThis issue affects pdfonline.foxit.com: before 2026\u201102\u201103."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary JavaScript execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T08:06:08.674Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored XSS via Attachments Feature in https://pdfonline.foxit.com/",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2026-1591",
"datePublished": "2026-02-03T07:57:27.281Z",
"dateReserved": "2026-01-29T07:31:14.294Z",
"dateUpdated": "2026-02-03T18:47:39.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66523 (GCVE-0-2025-66523)
Vulnerability from cvelistv5 – Published: 2026-01-20 06:51 – Updated: 2026-01-20 18:08
VLAI?
Title
Reflected Cross-Site Scripting (XSS) Vulnerability in na1.foxitesign.foxit.com via Unsanitized URL Parameters
Summary
URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link.
This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | na1.foxitesign.foxit.com |
Affected:
before 2026‑01‑16
|
Credits
Novee
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T18:07:34.333089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T18:08:07.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "na1.foxitesign.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2026\u201101\u201116"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Novee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eURL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link.\u003c/span\u003e\n\n\u003cbr\u003e\u003c/div\u003e\n\n\u003cp\u003eThis issue affects na1.foxitesign.foxit.com: before 2026\u201101\u201116.\u003c/p\u003e"
}
],
"value": "URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link.\n\n\n\n\n\n\nThis issue affects na1.foxitesign.foxit.com: before 2026\u201101\u201116."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary JavaScript execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T06:51:34.771Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected Cross-Site Scripting (XSS) Vulnerability in na1.foxitesign.foxit.com via Unsanitized URL Parameters",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66523",
"datePublished": "2026-01-20T06:51:34.771Z",
"dateReserved": "2025-12-04T03:37:51.889Z",
"dateUpdated": "2026-01-20T18:08:07.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66522 (GCVE-0-2025-66522)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:34 – Updated: 2025-12-19 14:36
VLAI?
Title
Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Digital IDs Common Name Field
Summary
A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result, embedded HTML or JavaScript may execute whenever the Digital IDs dialog is accessed or when the affected PDF is loaded.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | pdfonline.foxit.com |
Affected:
before 2025‑12‑01
|
Date Public ?
2025-11-30 16:00
Credits
Novee
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T14:34:54.934596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T14:36:38.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pdfonline.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2025\u201112\u201101"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Novee"
}
],
"datePublic": "2025-11-30T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nA stored cross-site scripting (XSS) vulnerability exists in the \u003cstrong\u003eDigital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com)\u003c/strong\u003e. The application does not properly sanitize or encode the \u003cstrong\u003eCommon Name\u003c/strong\u003e field of Digital IDs before inserting user-supplied content into the DOM. As a result, embedded HTML or JavaScript may execute whenever the \u003cstrong\u003eDigital IDs dialog\u003c/strong\u003e is accessed or when the affected PDF is loaded.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result, embedded HTML or JavaScript may execute whenever the Digital IDs dialog is accessed or when the affected PDF is loaded."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary JavaScript execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T09:33:02.137Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Digital IDs Common Name Field",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66522",
"datePublished": "2025-12-19T07:34:29.208Z",
"dateReserved": "2025-12-04T03:37:51.889Z",
"dateUpdated": "2025-12-19T14:36:38.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66521 (GCVE-0-2025-66521)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:33 – Updated: 2025-12-19 16:06
VLAI?
Title
Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Trusted Certificates Feature
Summary
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the Trusted Certificates view is loaded.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | pdfonline.foxit.com |
Affected:
before 2025‑12‑01
|
Date Public ?
2025-11-30 16:00
Credits
Novee
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T14:38:35.741855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T16:06:20.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pdfonline.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2025\u201112\u201101"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Novee"
}
],
"datePublic": "2025-11-30T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nA stored cross-site scripting (XSS) vulnerability exists in \u003cstrong\u003epdfonline.foxit.com\u003c/strong\u003e within the \u003cstrong\u003eTrusted Certificates feature\u003c/strong\u003e. A crafted payload can be injected as the \u003cstrong\u003ecertificate name\u003c/strong\u003e, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the \u003cstrong\u003eTrusted Certificates\u003c/strong\u003e view is loaded.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the Trusted Certificates view is loaded."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary JavaScript execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T09:32:50.377Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Trusted Certificates Feature",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66521",
"datePublished": "2025-12-19T07:33:01.761Z",
"dateReserved": "2025-12-04T03:37:51.889Z",
"dateUpdated": "2025-12-19T16:06:20.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66520 (GCVE-0-2025-66520)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:30 – Updated: 2025-12-19 14:41
VLAI?
Title
Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Portfolio SVG Handling
Summary
A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a crafted SVG may execute whenever the Portfolio file list is rendered.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | pdfonline.foxit.com |
Affected:
before 2025‑12‑01
|
Date Public ?
2025-11-30 16:00
Credits
Novee
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66520",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T14:40:49.738524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T14:41:00.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pdfonline.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2025\u201112\u201101"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Novee"
}
],
"datePublic": "2025-11-30T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nA stored cross-site scripting (XSS) vulnerability exists in the \u003cstrong\u003ePortfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com)\u003c/strong\u003e. User-supplied \u003cstrong\u003eSVG files\u003c/strong\u003e are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a crafted SVG may execute whenever the \u003cstrong\u003ePortfolio file list\u003c/strong\u003e is rendered.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a crafted SVG may execute whenever the Portfolio file list is rendered."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary JavaScript execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T09:32:37.658Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Portfolio SVG Handling",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66520",
"datePublished": "2025-12-19T07:30:20.745Z",
"dateReserved": "2025-12-04T03:37:51.889Z",
"dateUpdated": "2025-12-19T14:41:00.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66519 (GCVE-0-2025-66519)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:27 – Updated: 2025-12-19 14:42
VLAI?
Title
Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Layer Import Functionality
Summary
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected script executes when the Layers panel is accessed.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | pdfonline.foxit.com |
Affected:
before 2025‑12‑01
|
Date Public ?
2025-11-30 16:00
Credits
Novee
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T14:41:57.541062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T14:42:10.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pdfonline.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2025\u201112\u201101"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Novee"
}
],
"datePublic": "2025-11-30T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA stored cross-site scripting (XSS) vulnerability exists in \u003cstrong\u003epdfonline.foxit.com\u003c/strong\u003e within the \u003cstrong\u003eLayer Import functionality\u003c/strong\u003e. A crafted payload can be injected into the \u003cstrong\u003e\u201cCreate new Layer\u201d\u003c/strong\u003e field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected script executes when the \u003cstrong\u003eLayers panel\u003c/strong\u003e is accessed.\u003c/p\u003e"
}
],
"value": "A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the \u201cCreate new Layer\u201d field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected script executes when the Layers panel is accessed."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary JavaScript execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T09:32:26.200Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Layer Import Functionality",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66519",
"datePublished": "2025-12-19T07:27:54.834Z",
"dateReserved": "2025-12-04T03:37:51.888Z",
"dateUpdated": "2025-12-19T14:42:10.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66502 (GCVE-0-2025-66502)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:25 – Updated: 2025-12-19 14:43
VLAI?
Title
Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Page Templates Feature
Summary
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected PDF is loaded.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | pdfonline.foxit.com |
Affected:
before 2025‑12‑01
|
Date Public ?
2025-11-30 16:00
Credits
Novee
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T14:43:28.925893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T14:43:38.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pdfonline.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2025\u201112\u201101"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Novee"
}
],
"datePublic": "2025-11-30T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stored cross-site scripting (XSS) vulnerability exists in \u003cstrong\u003epdfonline.foxit.com\u003c/strong\u003e within the \u003cstrong\u003ePage Templates feature\u003c/strong\u003e. A crafted payload can be stored as the \u003cstrong\u003etemplate name\u003c/strong\u003e, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected PDF is loaded."
}
],
"value": "A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected PDF is loaded."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary JavaScript execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T09:27:38.146Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Page Templates Feature",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66502",
"datePublished": "2025-12-19T07:25:25.646Z",
"dateReserved": "2025-12-03T01:33:55.298Z",
"dateUpdated": "2025-12-19T14:43:38.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66501 (GCVE-0-2025-66501)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:23 – Updated: 2025-12-19 17:12
VLAI?
Title
Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature
Summary
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the injected script may execute when predefined text is used or when viewing document properties.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | pdfonline.foxit.com |
Affected:
before 2025‑12‑01
|
Date Public ?
2025-11-30 16:00
Credits
Novee
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:09:56.590040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T17:12:02.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pdfonline.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2025\u201112\u201101"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Novee"
}
],
"datePublic": "2025-11-30T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stored cross-site scripting (XSS) vulnerability exists in \u003cstrong\u003epdfonline.foxit.com\u003c/strong\u003e within the \u003cstrong\u003ePredefined Text feature of the Foxit eSign section\u003c/strong\u003e. A crafted payload can be stored via the \u003cstrong\u003eIdentity \u201cFirst Name\u201d field\u003c/strong\u003e, which is later rendered into the DOM without proper sanitization. As a result, the injected script may execute when predefined text is used or when viewing document properties."
}
],
"value": "A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity \u201cFirst Name\u201d field, which is later rendered into the DOM without proper sanitization. As a result, the injected script may execute when predefined text is used or when viewing document properties."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary JavaScript execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T09:27:24.786Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66501",
"datePublished": "2025-12-19T07:23:29.090Z",
"dateReserved": "2025-12-03T01:33:55.298Z",
"dateUpdated": "2025-12-19T17:12:02.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66500 (GCVE-0-2025-66500)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:16 – Updated: 2025-12-19 17:14
VLAI?
Title
Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability
Summary
A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foxit Software Inc. | webplugins.foxit.com |
Affected:
before 2025‑12‑01
|
Credits
Novee
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:12:37.236206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T17:14:25.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "webplugins.foxit.com",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "before 2025\u201112\u201101"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Novee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stored cross-site scripting (XSS) vulnerability exists in \u003cstrong\u003ewebplugins.foxit.com\u003c/strong\u003e. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute \u003cstrong\u003earbitrary JavaScript\u003c/strong\u003e when a crafted postMessage is received."
}
],
"value": "A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary JavaScript execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T09:27:02.620Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66500",
"datePublished": "2025-12-19T07:16:49.986Z",
"dateReserved": "2025-12-03T01:33:55.298Z",
"dateUpdated": "2025-12-19T17:14:25.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66499 (GCVE-0-2025-66499)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:11 – Updated: 2025-12-19 17:16
VLAI?
Title
Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability
Summary
A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Reader |
Affected:
Versions 2025.2.1 and earlier
Affected: Versions 14.0.1 and earlier Affected: Versions 13.2.1 and eariler |
|||||||
|
|||||||||
Credits
Anonymous working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:15:51.634690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T17:16:14.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap-based buffer overflow vulnerability exists in the \u003cstrong\u003ePDF parsing of Foxit PDF Reader\u003c/strong\u003e when processing \u003cstrong\u003especially crafted JBIG2 data\u003c/strong\u003e. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a \u003cstrong\u003eremote attacker to execute arbitrary code\u003c/strong\u003e."
}
],
"value": "A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary code execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T07:11:50.238Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66499",
"datePublished": "2025-12-19T07:11:50.238Z",
"dateReserved": "2025-12-03T01:33:55.298Z",
"dateUpdated": "2025-12-19T17:16:14.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66498 (GCVE-0-2025-66498)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:11 – Updated: 2025-12-19 17:18
VLAI?
Title
Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability
Summary
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Reader |
Affected:
Versions 2025.2.1 and earlier
Affected: Versions 14.0.1 and earlier Affected: Versions 13.2.1 and eariler |
|||||||
|
|||||||||
Date Public ?
2025-12-18 16:00
Credits
Mat Powell of Trend of Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:17:35.374601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T17:18:05.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mat Powell of Trend of Trend Micro Zero Day Initiative"
}
],
"datePublic": "2025-12-18T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A memory corruption vulnerability exists in the \u003cstrong\u003e3D annotation handling of Foxit PDF Reader\u003c/strong\u003e due to insufficient bounds checking when parsing \u003cstrong\u003eU3D data\u003c/strong\u003e. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.\n\n\u003cbr\u003e"
}
],
"value": "A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Memory corruption"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T07:11:12.216Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66498",
"datePublished": "2025-12-19T07:11:12.216Z",
"dateReserved": "2025-12-03T01:33:55.298Z",
"dateUpdated": "2025-12-19T17:18:05.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66497 (GCVE-0-2025-66497)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:10 – Updated: 2025-12-19 17:18
VLAI?
Title
Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability
Summary
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Reader |
Affected:
Versions 2025.2.1 and earlier
Affected: Versions 14.0.1 and earlier Affected: Versions 13.2.1 and eariler |
|||||||
|
|||||||||
Credits
Mat Powell of Trend of Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:18:28.141641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T17:18:44.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mat Powell of Trend of Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A memory corruption vulnerability exists in the \u003cstrong\u003e3D annotation handling of Foxit PDF Reader\u003c/strong\u003e due to insufficient bounds checking when parsing \u003cstrong\u003ePRC data\u003c/strong\u003e. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.\n\n\u003cbr\u003e"
}
],
"value": "A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Memory corruption"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T07:10:30.669Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66497",
"datePublished": "2025-12-19T07:10:30.669Z",
"dateReserved": "2025-12-03T01:33:55.298Z",
"dateUpdated": "2025-12-19T17:18:44.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66496 (GCVE-0-2025-66496)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:10 – Updated: 2025-12-19 17:19
VLAI?
Title
Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability
Summary
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Reader |
Affected:
Versions 2025.2.1 and earlier
Affected: Versions 14.0.1 and earlier Affected: Versions 13.2.1 and eariler |
|||||||
|
|||||||||
Credits
Mat Powell of Trend of Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:19:00.959474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T17:19:26.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mat Powell of Trend of Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A memory corruption vulnerability exists in the \u003cstrong\u003e3D annotation handling of Foxit PDF Reader\u003c/strong\u003e due to insufficient bounds checking when parsing \u003cstrong\u003ePRC data\u003c/strong\u003e. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.\n\n\u003cbr\u003e"
}
],
"value": "A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Memory corruption"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T07:10:13.239Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66496",
"datePublished": "2025-12-19T07:10:13.239Z",
"dateReserved": "2025-12-03T01:33:55.298Z",
"dateUpdated": "2025-12-19T17:19:26.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66495 (GCVE-0-2025-66495)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:09 – Updated: 2025-12-19 14:45
VLAI?
Title
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
Summary
A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Reader |
Affected:
Versions 2025.2.1 and earlier
Affected: Versions 14.0.1 and earlier Affected: Versions 13.2.1 and eariler |
|||||||
|
|||||||||
Credits
KX.H working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T14:45:11.448267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T14:45:26.253Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "KX.H working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.\n\n\u003cbr\u003e"
}
],
"value": "A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary code execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T07:09:09.594Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66495",
"datePublished": "2025-12-19T07:09:09.594Z",
"dateReserved": "2025-12-03T01:33:55.297Z",
"dateUpdated": "2025-12-19T14:45:26.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66494 (GCVE-0-2025-66494)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:08 – Updated: 2025-12-19 14:49
VLAI?
Title
Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
Summary
A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Reader |
Affected:
Versions 2025.2.1 and earlier
Affected: Versions 14.0.1 and earlier Affected: Versions 13.2.1 and eariler |
|||||||
|
|||||||||
Credits
Anonymous working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T14:49:11.512345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T14:49:35.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.\n\n\u003cbr\u003e"
}
],
"value": "A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary code execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T07:08:51.349Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66494",
"datePublished": "2025-12-19T07:08:51.349Z",
"dateReserved": "2025-12-03T01:33:55.297Z",
"dateUpdated": "2025-12-19T14:49:35.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66493 (GCVE-0-2025-66493)
Vulnerability from cvelistv5 – Published: 2025-12-19 07:07 – Updated: 2025-12-19 14:51
VLAI?
Title
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
Summary
A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1
on Windows
. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor |
Affected:
Versions 2025.2.1 and earlier
Affected: Versions 14.0.1 and earlier Affected: Versions 13.2.1 and earlier |
|||||||
|
|||||||||
Date Public ?
2025-12-18 16:00
Credits
Anonymous working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T14:50:42.933142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T14:51:03.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and earlier"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"datePublic": "2025-12-18T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 \n\non Windows\n\n. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code."
}
],
"value": "A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 \n\non Windows\n\n. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Potential arbitrary code execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T07:08:06.682Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-66493",
"datePublished": "2025-12-19T07:07:43.476Z",
"dateReserved": "2025-12-03T01:33:55.297Z",
"dateUpdated": "2025-12-19T14:51:03.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13941 (GCVE-0-2025-13941)
Vulnerability from cvelistv5 – Published: 2025-12-19 01:51 – Updated: 2025-12-19 14:53
VLAI?
Title
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Summary
A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Reader |
Affected:
Versions 2025.2.1 and earlier
Affected: Versions 14.0.1 and earlier Affected: Versions 13.2.1 and eariler |
|||||||
|
|||||||||
Date Public ?
2025-12-18 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T14:53:32.249737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T14:53:45.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Reader",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Foxit PDF Editor",
"vendor": "Foxit Software Inc.",
"versions": [
{
"status": "affected",
"version": "Versions 2025.2.1 and earlier"
},
{
"status": "affected",
"version": "Versions 14.0.1 and earlier"
},
{
"status": "affected",
"version": "Versions 13.2.1 and eariler"
}
]
}
],
"datePublic": "2025-12-18T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges."
}
],
"value": "A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T09:49:02.914Z",
"orgId": "14984358-7092-470d-8f34-ade47a7658a2",
"shortName": "Foxit"
},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
"assignerShortName": "Foxit",
"cveId": "CVE-2025-13941",
"datePublished": "2025-12-19T01:51:22.461Z",
"dateReserved": "2025-12-03T01:32:27.232Z",
"dateUpdated": "2025-12-19T14:53:45.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}