CVE-2025-59802

CWE-290 | 4 documents | 4 sources
Severity: 7.5 HIGH
EPSS: 0.0% (top 89.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 11

Description

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: foxit/pdf_editor 2023.1.0.55583, 2023.3.0.63083, +11
NVD: foxit/pdf_reader 2025.2.0.68868, +1

🔴Vulnerability Details (2)

GHSA: GHSA-rr6v-3f8x-4hwg: Foxit PDF Editor and Reader before 2025 (2025-12-11)
CVEList: CVE-2025-59802: Foxit PDF Editor and Reader before 2025 (2025-12-11)

🕵️Threat Intelligence (1)

Wiz: CVE-2025-59802 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-59802 (HIGH CVSS 7.5) | Foxit PDF Editor and Reader before | cvebase.io