CVE-2025-9330

High CVSS: 7.8

Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the Foxit Reader Update Service. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-25709.

Vendor

Foxit

Product

Pdf Editor

CWE

CWE-427

Yayın Tarihi

2025-09-02 21:15:35

Güncelleme

2025-09-08 13:52:46

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-427 Pdf Editor HIGH Foxit 2025

Referanslar

https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-25-870/

Benzer Kayıtlar

Medium

CVE-2026-1592

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature.…

Medium

CVE-2026-1591

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A ma…

Medium

CVE-2025-66520

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonli…

Medium

CVE-2025-66521

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature.…

Medium

CVE-2025-66522

A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud…

Medium

CVE-2025-66501

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of th…