Foxit Products PDF Reader and PDF Editor Information Disclosure Vulnerability Allowing Unredacted Content or Unencrypted Data

A vulnerability exists in Foxit PDF Reader and Foxit PDF Editor that allows PDF JavaScript and document/print actions to modify form fields, annotations, or optional content groups just before or after redaction, encryption, or printing. This issue arises because the application's current redaction, encryption, and printing processes do not fully account for these script-driven updates. Under certain document structures and user workflows, this oversight may leave some sensitive content unremoved or unencrypted, or cause printed materials to differ slightly from what was displayed on screen. The vulnerability affects Foxit PDF Reader for Windows versions through 2025.3.0.35737, Foxit PDF Editor for Windows versions 2025.3.0.35737 and earlier, as well as all previous 2025.x versions, 2024.x versions prior to 2024.4.1.27687, 2023.x versions prior to 2023.3.0.23028, 14.x versions prior to 14.0.2.33402, and 13.2.2.24014 and earlier. Foxit PDF Editor for Mac versions 2025.3.0.69570 and all previous 2025.x versions, 2024.4.1.66479 and all previous 2024.x versions, 2023.3.0.63083 and all previous 2023.x versions, 14.0.2.69164 and all previous 14.x versions, and 13.2.2.63349 and earlier are also affected.

Impact

Exploitation of this vulnerability could lead to unauthorized exposure of sensitive information, as certain content may remain visible or unencrypted after redaction or printing, contrary to user expectations.

Remediation

Users can update to Foxit PDF Reader or Foxit PDF Editor version 2026.1 or later. Instructions for updating are available on the Foxit website.