Foxit PDF Reader and Editor Out-of-Bounds Read Vulnerability Leading to Information Disclosure or Memory Corruption

Vulnerability

An out-of-bounds read vulnerability has been identified in Foxit PDF Reader and Foxit PDF Editor for Windows, prior to version 13.2 and in 2025 versions prior to 2025.2. The issue is triggered when a user opens a malicious PDF that contains a crafted JavaScript call to search.query() with a manipulated cDIPath parameter. The flaw is in the internal path-parsing logic, where improper validation allows data to be read beyond the allocated buffer. This could lead to information disclosure or memory corruption.
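
For triage of PDFs received before the update is deployed, the following added example (not Foxit's code and not part of the original advisory) scans a file's raw bytes and its Flate-compressed streams for calls to search.query() and notes whether cDIPath is named near the call. The function names, the 512-byte window and the sample documents are assumptions made for illustration; this is a heuristic that will miss scripts hidden by other filters or obfuscation.

```python
import re
import zlib

CALL_RE = re.compile(rb"search\s*\.\s*query\s*\(")
PARAM_RE = re.compile(rb"\bcDIPath\b")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def _inflate(data):
    """Return the inflated stream body, or None if it is not zlib data."""
    try:
        # decompressobj tolerates the EOL bytes that precede 'endstream'.
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return None

def _buffers(pdf_bytes):
    """Yield (label, bytes): the raw file, then every stream that inflates."""
    yield "raw", pdf_bytes
    for i, m in enumerate(STREAM_RE.finditer(pdf_bytes)):
        body = _inflate(m.group(1))
        if body:
            yield f"stream#{i}", body

def scan_pdf(pdf_bytes, window=512):
    """Report each search.query( call and whether cDIPath is named near it.

    Every call is reported, because the parameter can also be passed
    positionally, in which case its name never appears in the script.
    """
    findings = []
    for label, buf in _buffers(pdf_bytes):
        for m in CALL_RE.finditer(buf):
            args = buf[m.end():m.end() + window]
            findings.append({"where": label, "offset": m.start(),
                             "names_cDIPath": bool(PARAM_RE.search(args))})
    return findings

# Constructed samples: a benign script in a Flate stream, and a file without one.
_JS = b'search.query({cQuery: "report", cWhere: "Folder", cDIPath: "/c/docs"});'
_Z = zlib.compress(_JS)
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Length " + str(len(_Z)).encode() +
              b" /Filter /FlateDecode >>\nstream\n" + _Z +
              b"\nendstream\nendobj\n%%EOF\n")
NO_JS_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Length 5 >>\nstream\nhello\n"
             b"endstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for finding in scan_pdf(SAMPLE_PDF):
        print(finding)
```

A hit means only that the document calls this API and should be reviewed or quarantined until the patched version is installed; it does not show that the cDIPath value is malformed.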

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure or memory corruption, which may be leveraged for further attacks.

Remediation

Users can update to Foxit PDF Reader 2025.2.1 or Foxit PDF Editor 2025.2.1/14.0.1/13.2.1. Instructions for updating are available on the Foxit website.

Added: Dec 11, 2025, 4:28 PM
Updated: Dec 11, 2025, 9:35 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.