CVE-2025-55310Download of Code Without Integrity Check in PDF Editor

CWE-494Download of Code Without Integrity Check4 documents4 sources
Severity
7.3HIGHNVD
EPSS
0.0%
top 99.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF EditorFoxit PDF Reader
Timeline
PublishedDec 11

Description

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in information disclosure, unauthorized data access, or other security impacts.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

NVDfoxit/pdf_editor2023.1.0.555832023.3.0.63083+7
NVDfoxit/pdf_reader2025.1.0.66692+1

🔴Vulnerability Details

2
GHSA
GHSA-jmfx-3636-425m: An issue was discovered in Foxit PDF and Editor for Windows and macOS before 132025-12-11
CVEList
CVE-2025-55310: An issue was discovered in Foxit PDF and Editor for Windows and macOS before 132025-12-11

🕵️Threat Intelligence

1
Wiz
CVE-2025-55310 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-55310 — Foxit PDF Editor vulnerability | cvebase