CVE-2025-66499

CWE-190 — Integer Overflow4 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 82.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxit PDF Editor Foxit PDF Reader Foxit Software Inc. Foxit PDF Editor +1 more

Timeline

PublishedDec 19

Description

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDfoxit/pdf_reader2025.2.1.33197+1

▶CVEListV5foxit_software_inc./foxit_pdf_readerVersions 13.2.1 and eariler, Versions 14.0.1 and earlier, Versions 2025.2.1 and earlier+2

▶NVDfoxit/pdf_editor14.0.0.33046 — 14.0.1.33197+9

▶CVEListV5foxit_software_inc./foxit_pdf_editorVersions 13.2.1 and eariler, Versions 14.0.1 and earlier, Versions 2025.2.1 and earlier+2

🔴Vulnerability Details

CVEList

Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability↗2025-12-19

▶

GHSA

GHSA-5w85-6378-9j4v: A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data↗2025-12-19

▶

🕵️Threat Intelligence

Wiz

CVE-2025-66499 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶