CVE-2025-55314

CWE-476NULL Pointer Dereference4 documents4 sources
Severity
7.8HIGH
EPSS
0.0%
top 97.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF EditorFoxit PDF Reader
Timeline
PublishedDec 11

Description

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDfoxit/pdf_editor2023.1.0.155102023.3.0.23028+3
NVDfoxit/pdf_reader2025.1.0.27937

🔴Vulnerability Details

2
CVEList
CVE-2025-55314: An issue was discovered in Foxit PDF and Editor for Windows and macOS before 132025-12-11
GHSA
GHSA-4hc9-w772-rxj2: An issue was discovered in Foxit PDF and Editor for Windows and macOS before 132025-12-11

🕵️Threat Intelligence

1
Wiz
CVE-2025-55314 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-55314 (HIGH CVSS 7.8) | An issue was discovered in Foxit PD | cvebase.io