CVE-2025-66497

CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.8HIGH

EPSS

0.0%

top 94.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxit PDF Editor Foxit PDF Reader Foxit Software Inc. Foxit PDF Editor +1 more

Timeline

PublishedDec 19

Description

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages4 packages

▶NVDfoxit/pdf_reader2025.2.1.33197+1

▶CVEListV5foxit_software_inc./foxit_pdf_readerVersions 13.2.1 and eariler, Versions 14.0.1 and earlier, Versions 2025.2.1 and earlier+2

▶NVDfoxit/pdf_editor14.0.0.33046 — 14.0.1.33197+9

▶CVEListV5foxit_software_inc./foxit_pdf_editorVersions 13.2.1 and eariler, Versions 14.0.1 and earlier, Versions 2025.2.1 and earlier+2

🔴Vulnerability Details

GHSA

GHSA-53hw-7r73-89x3: A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data↗2025-12-19

▶

CVEList

Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability↗2025-12-19

▶

🕵️Threat Intelligence

Wiz

CVE-2025-66497 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶