CVE-2025-55307
published 2025-12-11CVE-2025-55307: An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to…
low3.3CVSS 3.1
AVLACLPRNUIRSUCLINAN
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leading to information disclosure or memory corruption.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxit | pdf_editor | <= 13.1.7.23637 | — |
| foxit | pdf_editor | — | — |
| foxit | pdf_editor | 2023.1.0.15510 – 2023.3.0.23028 | — |
| foxit | pdf_editor | 2024.1.0.23997 – 2024.4.1.27687 | — |
| foxit | pdf_reader | <= 2025.1.0.27937 | — |