CVE-2025-66493

CWE-416 — Use After Free4 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 81.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxit PDF Editor Foxit PDF Reader Foxit Software Inc. Foxit PDF Editor +1 more

Timeline

PublishedDec 19

Description

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDfoxit/pdf_editor14.0.0.33046 — 14.0.1.33197+4

▶NVDfoxit/pdf_reader2025.2.1.33197

▶CVEListV5foxit_software_inc./foxit_pdf_editorVersions 13.2.1 and earlier, Versions 14.0.1 and earlier, Versions 2025.2.1 and earlier+2

▶CVEListV5foxit_software_inc./foxit_pdf_readerVersions 13.2.1 and earlier, Versions 14.0.1 and earlier, Versions 2025.2.1 and earlier+2

🔴Vulnerability Details

GHSA

GHSA-2xr7-8qgr-hch2: A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025↗2025-12-19

▶

CVEList

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability↗2025-12-19

▶

🕵️Threat Intelligence

Wiz

CVE-2025-66493 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶