CVE-2025-55312

CWE-476NULL Pointer Dereference4 documents4 sources
Severity
7.8HIGH
EPSS
0.0%
top 97.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF EditorFoxit PDF Reader
Timeline
PublishedDec 11

Description

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDfoxit/pdf_editor2023.1.0.555832023.3.0.63083+6
NVDfoxit/pdf_reader2025.1.0.66692+1

🔴Vulnerability Details

2
GHSA
GHSA-m4wx-hvh8-h9r5: An issue was discovered in Foxit PDF and Editor for Windows before 132025-12-11
CVEList
CVE-2025-55312: An issue was discovered in Foxit PDF and Editor for Windows before 132025-12-11

🕵️Threat Intelligence

1
Wiz
CVE-2025-55312 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-55312 (HIGH CVSS 7.8) | An issue was discovered in Foxit PD | cvebase.io