Foxit PDF Reader and Editor for Windows Use-After-Free Vulnerability Leading to Memory Corruption and Information Disclosure

Vulnerability

A use-after-free vulnerability has been identified in Foxit PDF Reader and Foxit PDF Editor for Windows, affecting versions prior to 13.2 and 2025 versions prior to 2025.2. It is triggered when a crafted PDF containing JavaScript is opened and the JavaScript calls the closeDoc() function while internal objects are still in use. The objects are released prematurely while references to them remain, leading to memory corruption. Exploitation could result in unauthorized information disclosure.

Impact

Exploitation of this vulnerability may lead to memory corruption, with a potential for information disclosure when the manipulated PDF is opened.

Remediation

Users can update to Foxit PDF Reader 2025.2.1 or Foxit PDF Editor 2025.2.1/14.0.1/13.2.1. Instructions for updating are available on the Foxit website.
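
While updates roll out, the trigger described under Vulnerability (document JavaScript that calls closeDoc()) can serve as a triage heuristic for inbound PDFs. The following is an added example, not code from Foxit or from this advisory; the names triage_pdf, decoded_views and constructed_sample are hypothetical, and the sample inputs are constructed.

```python
import re
import zlib

# Name tokens that mark script actions, and the API call named in the advisory.
JS_NAME = re.compile(rb"/(?:JavaScript|JS)\b")
CLOSE_DOC = re.compile(rb"\bcloseDoc\s*\(")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def decoded_views(pdf_bytes):
    """Yield the raw file, then every stream body that inflates as Flate/zlib."""
    yield pdf_bytes
    for match in STREAM.finditer(pdf_bytes):
        try:
            # decompressobj tolerates the end-of-line bytes left before 'endstream'
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data; the raw view already covers it


def triage_pdf(pdf_bytes):
    """Classify one PDF as 'closedoc-script', 'script' or 'no-script'."""
    has_js = has_close = False
    for view in decoded_views(pdf_bytes):
        has_js = has_js or bool(JS_NAME.search(view))
        has_close = has_close or bool(CLOSE_DOC.search(view))
    if has_js and has_close:
        return "closedoc-script"  # review or quarantine; not proof of exploitation
    return "script" if has_js else "no-script"


def constructed_sample(script):
    """Build a minimal PDF-like byte string (constructed test input, not a real file)."""
    body = zlib.compress(script)
    return (b"%PDF-1.7\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage_pdf(constructed_sample(b"this.closeDoc(true);")))  # closedoc-script
    print(triage_pdf(constructed_sample(b"app.alert('hi');")))      # script
    print(triage_pdf(b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"))  # no-script
```

closeDoc() is a legitimate scripting call, so a hit marks a file for review rather than confirming an attack. The scan does not see through encrypted documents, filters other than Flate, or hex-escaped name tokens.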

Added: Dec 11, 2025, 4:27 PM
Updated: Dec 11, 2025, 8:47 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.