Foxit Products Untrusted Search Path Vulnerability Allowing Local Privilege Escalation
Vulnerability
A vulnerability exists in Foxit PDF Reader and Foxit PDF Editor for Windows and Mac, specifically in versions through 2025.3.0.35737 for Reader and through 2025.3.0.69570 for Editor. The issue arises because the applications' installers, while running with elevated privileges, resolve system executables and DLLs from untrusted search paths that can include user-writable directories. This flaw enables local attackers to place malicious binaries with names matching those of legitimate system files, which are then loaded or executed instead of the authentic files, leading to local privilege escalation.
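The search-order condition described above can be audited on a host. The following Python code is an added example, not Foxit's code and not part of the original advisory: it lists user-writable directories that are searched before a trusted directory, and compares a bare-name lookup with one pinned to the trusted directory. The directory names, `helper.bin` and all function names are assumptions made for illustration, and the fixture is constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path

def user_writable(d):
    """True if the account running this audit can create files in d."""
    return d.is_dir() and os.access(d, os.W_OK | os.X_OK)

def resolve_bare(name, search_dirs):
    """Bare-name lookup: the first match in search order wins (the risky pattern)."""
    for d in search_dirs:
        candidate = Path(d) / name
        if candidate.is_file():
            return candidate
    return None

def resolve_pinned(name, trusted_dir):
    """Hardened lookup: only the trusted directory is consulted."""
    candidate = Path(trusted_dir) / name
    return candidate if candidate.is_file() else None

def audit(name, search_dirs, trusted_dir):
    """Flag writable directories searched before trusted_dir, and any shadowing."""
    trusted = Path(trusted_dir).resolve()
    risky = []
    for d in map(Path, search_dirs):
        if d.resolve() == trusted:
            break                      # directories after the trusted one cannot shadow it
        if user_writable(d):
            risky.append(d)
    hit = resolve_bare(name, search_dirs)
    shadowed = hit is not None and hit.parent.resolve() != trusted
    return {"risky_dirs": risky, "resolved": hit, "shadowed": shadowed}

def demo():
    """Constructed fixture: temp dirs stand in for a writable folder and a system dir."""
    with tempfile.TemporaryDirectory() as root:
        downloads, system = Path(root, "downloads"), Path(root, "system")
        downloads.mkdir()
        system.mkdir()
        (system / "helper.bin").write_text("legitimate")
        order = [downloads, system]    # the writable directory is searched first
        clean = audit("helper.bin", order, system)
        (downloads / "helper.bin").write_text("same name, different origin")
        dirty = audit("helper.bin", order, system)
        pinned = resolve_pinned("helper.bin", system)
        return clean["shadowed"], dirty["shadowed"], len(dirty["risky_dirs"]), pinned.parent.name

if __name__ == "__main__":
    print(demo())
```

Run the audit as the unprivileged account whose write access matters; a result with a non-empty `risky_dirs` means an elevated process using that search order depends on directories that account controls.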
Impact
Exploitation of this vulnerability could result in unauthorized elevation of privileges, allowing a user to gain higher-level access or rights within the system.
Remediation
Users can update to Foxit PDF Reader 2026.1 or Foxit PDF Editor 2026.1, 14.0.3, or 13.2.3. Instructions for updating or downloading the latest versions are available on the Foxit website.
