Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-14425

4 documents, 4 sources
Severity
7.8 HIGH
EPSS
19.5%
top 4.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Nov 2
Latest update: May 24

Description

Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (1 package)

NVD | foxitsoftware/foxit_reader | 9.7.1 | 10.0.0

🔴 Vulnerability Details (2)

GHSA
GHSA-9f4c-vrch-393x: Foxit Reader before 10 (2022-05-24)
CVEList
CVE-2020-14425: Foxit Reader before 10 (2020-11-02)

💥 Exploits & PoCs (1)

Exploit-DB
Foxit Reader 9.7.1 - Remote Command Execution (Javascript API) (2020-11-02)
CVE-2020-14425 (HIGH CVSS 7.8) | Foxit Reader before 10.0 allows Rem | cvebase.io