CVE-2025-55313

CWE-94Code Injection4 documents4 sources
Severity
7.8HIGH
EPSS
0.0%
top 95.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF EditorFoxit PDF Reader
Timeline
PublishedDec 11

Description

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely large value to a form field's charLimit property via JavaScript. This can result in memory corruption and may allow an attacker to execute arbitrary code by persuading a user to open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDfoxit/pdf_editor2023.1.0.155102023.3.0.23028+6
NVDfoxit/pdf_reader2025.1.0.27937+1

🔴Vulnerability Details

2
GHSA
GHSA-9p5v-prq2-fhfw: An issue was discovered in Foxit PDF and Editor for Windows and macOS before 132025-12-11
CVEList
CVE-2025-55313: An issue was discovered in Foxit PDF and Editor for Windows and macOS before 132025-12-11

🕵️Threat Intelligence

1
Wiz
CVE-2025-55313 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-55313 (HIGH CVSS 7.8) | An issue was discovered in Foxit PD | cvebase.io