CVE-2024-25858: Multiple Interpretations of UI Input in PDF Editor

Severity: 8.4 HIGH (NVD)
EPSS: 0.1% (top 78.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 5

Description

In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.5 | Impact: 5.9

Affected Packages (2 packages)

NVD: foxit/pdf_editor < 2024.4
NVD: foxit/pdf_reader < 2024.4

Vulnerability Details (2)

CVEList: CVE-2024-25858: In Foxit PDF Reader before 2024 (2024-03-05)
GHSA: GHSA-76hh-9ghf-c266: In Foxit PDF Reader before 2024 (2024-03-05)