CVE-2025-55309
published 2025-12-11CVE-2025-55309: An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an…
medium6.7CVSS 3.1
AVLACHPRLUIRSUCHIHAH
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxit | pdf_editor | <= 13.1.7.63027 | — |
| foxit | pdf_editor | <= 13.1.7.23637 | — |
| foxit | pdf_editor | — | — |
| foxit | pdf_editor | — | — |
| foxit | pdf_editor | 2023.1.0.15510 – 2023.3.0.23028 | — |
| foxit | pdf_editor | 2023.1.0.55583 – 2023.3.0.63083 | — |
| foxit | pdf_editor | 2024.1.0.23997 – 2024.4.1.27687 | — |
| foxit | pdf_editor | 2024.1.0.63682 – 2024.4.1.66479 | — |
| foxit | pdf_reader | <= 2025.1.0.66692 | — |
| foxit | pdf_reader | <= 2025.1.0.27937 | — |