Foxit PDF Editor
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*, +1 more
- <= 2025.2.0.33046
- <= 2024.4.1.27687
- <= 2023.3.0.23028
- 14.0.0.33046
- 13.2.0.23874
A vulnerability allowing signature spoofing has been identified in Foxit PDF Editor and Reader versions prior to 2025.2.1. This issue arises when Optional Content Groups (OCG) are supported, as the state property of an OCG is only considered at runtime and not included in the digital signature computation. An attacker can exploit this by using JavaScript or PDF triggers to change the visibility of OCG content after the document has been signed, thereby modifying the visual content of a signed PDF without invalidating the signature. This creates a discrepancy between the signed content and what the signer or verifier observes, compromising the integrity of the digital signature.
Exploitation of this vulnerability leads to improper verification of cryptographic signatures, allowing for manipulation of document content. This could deceive users into trusting altered documents, undermining the reliability of digital signatures.
Users can update to Foxit PDF Editor or Reader versions 2025.2.1, 14.0.1, or 13.2.1. Instructions for updating are available on the Foxit website.
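A triage check for the condition described above, added here as an example and not code from Foxit or from this advisory: it flags signed PDFs that carry optional content together with an action or script entry that could switch layer state after signing. The function names and sample byte strings are constructed for illustration, and the scan reads raw bytes only, so names stored inside compressed object streams are not seen.

```python
import re
import sys

# PDF name tokens from the PDF specification relevant to this issue.
LAYERS = {b"/OCProperties", b"/OCG"}             # optional content present
TOGGLES = {b"/SetOCGState", b"/JavaScript", b"/JS", b"/OpenAction", b"/AA"}

def pdf_names(data):
    """Collect name tokens from raw bytes, decoding #xx escapes (/S#65t -> /Set)."""
    names = set()
    for raw in re.findall(rb"/[^\s/<>\[\]()%{}]+", data):
        names.add(re.sub(rb"#([0-9A-Fa-f]{2})",
                         lambda m: bytes([int(m.group(1), 16)]), raw))
    return names

def triage(data):
    """Heuristic only: binary stream data can produce stray matches."""
    names = pdf_names(data)
    signed = b"/ByteRange" in names               # signature dictionary present
    layers = bool(names & LAYERS)
    toggles = sorted(names & TOGGLES)
    if signed and layers and toggles:
        verdict = "review"        # layer state may change after signing
    elif signed and layers:
        verdict = "layers-only"   # layers present, no trigger found in clear text
    else:
        verdict = "ok"
    return {"signed": signed, "layers": layers, "toggles": toggles, "verdict": verdict}

# Constructed fragments (not complete PDFs) used as sample input.
SAMPLE_RISKY = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OCProperties << /OCGs [5 0 R] >> "
                b"/OpenAction << /S /SetOCGState /State [/Toggle 5 0 R] >> >> endobj\n"
                b"5 0 obj << /Type /OCG /Name (Layer) >> endobj\n"
                b"6 0 obj << /Type /Sig /ByteRange [0 100 200 50] >> endobj\n")
SAMPLE_ESCAPED = (b"1 0 obj << /OCProperties << >> /AA << /O << /S /S#65tOCGState >> >> >> endobj\n"
                  b"2 0 obj << /Type /Sig /ByteRange [0 1 2 3] >> endobj\n")
SAMPLE_PLAIN = (b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n"
                b"6 0 obj << /Type /Sig /ByteRange [0 100 200 50] >> endobj\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

A "review" verdict means the file deserves inspection in a patched viewer with layers toggled; it does not prove the document was tampered with.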