CVE-2025-13941Incorrect Permission Assignment in PDF Editor

CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.0%
top 96.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Foxit PDF EditorFoxit PDF ReaderFoxit Software INC Foxit PDF Editor+1 more
Timeline
PublishedDec 19

Description

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages4 packages

NVDfoxit/pdf_editor14.0.0.3304614.0.1.33197+4
NVDfoxit/pdf_reader2025.2.1.33197
CVEListV5foxit_software_inc/foxit_pdf_editorVersions 13.2.1 and eariler, Versions 14.0.1 and earlier, Versions 2025.2.1 and earlier+2
CVEListV5foxit_software_inc/foxit_pdf_readerVersions 13.2.1 and eariler, Versions 14.0.1 and earlier, Versions 2025.2.1 and earlier+2

🔴Vulnerability Details

2
GHSA
GHSA-rhhc-xvm8-7w83: A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service2025-12-19
CVEList
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability2025-12-19

🕵️Threat Intelligence

1
Wiz
CVE-2025-13941 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-13941 — Incorrect Permission Assignment | cvebase