cbcvebase.

Foxit Pdf Reader vulnerabilities

310 known vulnerabilities affecting foxit/pdf_reader.

Total CVEs: 310
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 239, MEDIUM 38, LOW 30

Vulnerabilities

Page 2 of 16
CVE-2025-59802 | HIGH | CVSS 7.5 | CWE-290 | ≤ 2025.2.0.68868, ≤ 2025.2.0.33046 | 2025-12-11
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (
nvd
CVE-2025-55312 | HIGH | CVSS 7.8 | CWE-476 | ≤ 2025.1.0.66692, ≤ 2025.1.0.27937 | 2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memor
nvd
CVE-2025-55310 | HIGH | CVSS 7.3 | CWE-494 | ≤ 2025.1.0.66692, ≤ 2025.1.0.27937 | 2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in information disclosure, unauthorized data access, or other
nvd
CVE-2025-59803 | MEDIUM | CVSS 5.3 | CWE-347 | ≤ 2025.2.0.68868, ≤ 2025.2.0.33046 | 2025-12-11
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional
nvd
CVE-2025-55309 | MEDIUM | CVSS 6.7 | CWE-416 | ≤ 2025.1.0.66692, ≤ 2025.1.0.27937 | 2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, result
nvd
CVE-2025-55308 | MEDIUM | CVSS 6.7 | CWE-416 | ≤ 2025.1.0.27937 | 2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. A crafted PDF containing JavaScript that calls closeDoc() while internal objects are still in use can cause premature release of these objects. This use-after-free vulnerability may lead to memory corruption, potentially resulting in information disclosur
nvd
CVE-2025-55311 | MEDIUM | CVSS 6.5 | CWE-347 | ≤ 2025.1.0.66692, ≤ 2025.1.0.27937 | 2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification by hiding document modifications, allowing an attacker
nvd
CVE-2025-55307 | LOW | CVSS 3.3 | CWE-125 | ≤ 2025.1.0.27937 | 2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leading to information disclosure or memory corruption.
nvd
CVE-2025-9330 | HIGH | CVSS 7.8 | CWE-427 | ≤ 2025.1.0.27937, v2025.1.0.27937 | 2025-09-02
Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. T
nvd
CVE-2025-9326 | HIGH | CVSS 7.8 | CWE-125 | fixed in 2025.1.0.27937, ≤ 2025.1.0.66692, +1 more | 2025-09-02
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla
nvd
CVE-2025-9329 | HIGH | CVSS 7.8 | CWE-125 | fixed in 2025.1.0.27937, ≤ 2025.1.0.66692, +1 more | 2025-09-02
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla
nvd
CVE-2025-9328 | HIGH | CVSS 7.8 | CWE-125 | fixed in 2025.1.0.27937, ≤ 2025.1.0.66692, +1 more | 2025-09-02
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla
nvd
CVE-2025-9323 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 2025.1.0.27937, v2025.1.0.27937 | 2025-09-02
Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s
nvd
CVE-2025-9325 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 2025.1.0.27937, ≤ 2025.1.0.66692, +1 more | 2025-09-02
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s
nvd
CVE-2025-9327 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 2025.1.0.27937, v2024.4.0.27683 | 2025-09-02
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s
nvd
CVE-2025-9324 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 2025.1.0.27937, ≤ 2025.1.0.66692, +1 more | 2025-09-02
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s
nvd
CVE-2025-32451 | HIGH | CVSS 8.8 | CWE-824 | v2025.1.0.27937 | 2025-08-13
A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the maliciou
nvd
CVE-2024-12751 | HIGH | CVSS 7.8 | CWE-125 | ≤ 2024.3.0.26795, v2024.2.3.25184 | 2024-12-30
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis
nvd
CVE-2024-12752 | HIGH | CVSS 7.8 | CWE-119 | ≤ 2024.3.0.26795, v2024.2.3.25184 | 2024-12-30
Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists
nvd
CVE-2024-12753 | HIGH | CVSS 7.3 | CWE-59 | ≤ 2024.3.0.26795, v2024.2.3.25184 | 2024-12-30
Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th
nvd