CVE-2025-32451

High CVSS: 8.8

A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Vendor

Foxit

Product

Pdf Reader

CWE

CWE-824

Yayın Tarihi

2025-08-13 14:15:31

Güncelleme

2025-11-03 20:18:27

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-824 Pdf Reader HIGH Foxit 2025

Referanslar

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2202 https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2202

Benzer Kayıtlar

Medium

CVE-2026-1592

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature.…

Medium

CVE-2026-1591

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A ma…

Medium

CVE-2025-66520

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonli…

Medium

CVE-2025-66521

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature.…

Medium

CVE-2025-66522

A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud…

Medium

CVE-2025-66501

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of th…