Foxit PDF Reader
Moderate fix1 remedy
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*, +1 more
Moderate fix1 remedy
- <= 2025.1.0.27937
Foxit PDF Reader PRC File Parsing Out-of-Bounds Read Remote Code Execution Vulnerability
Vulnerability
Patched
A remote code execution vulnerability has been identified in Foxit PDF Reader versions 2025.1.0.27937 and earlier for Windows, as well as in Foxit PDF Editor versions 2025.1.0.27937, 2024.4.1.27687 and all previous 2024.x versions, 2023.3.0.23028 and all previous 2023.x versions, and 13.1.7.23637 and earlier, also for Windows. This vulnerability arises from improper validation of user-supplied data when parsing PRC files, leading to an out-of-bounds read that allows remote attackers to execute arbitrary code on the affected system. Exploitation requires user interaction, such as opening a malicious PRC file or visiting a harmful webpage.
Impact
Successful exploitation of this vulnerability allows remote code execution on the affected system, with the executed code running in the context of the current user.
Remediation
Users can update to Foxit PDF Reader 2025.2 or Foxit PDF Editor 2025.2. Instructions for updating are available on the Foxit website.
Added: Sep 2, 2025, 9:21 PM
Updated: Sep 2, 2025, 9:21 PM
Vulnerability Rating
Custom Algorithm
spread
7.8impact
10.0exploitability
4.4remediation
7.7relevance
0.4threat
0.0urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.