Foxit PDF Editor
Moderate fix3 remedies
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*, +1 more
Moderate fix3 remedies
- <= 2025.3.0.35737
- <= 2025.x
- <= 2024.4.1.27687
- <= 2024.x
- <= 2023.3.0.23028
- <= 2023.x
- <= 14.0.2.33402
- <= 14.x
- <= 13.2.2.24014
Foxit Products Insecure Direct Object Reference Vulnerability Allowing Unauthorized Access or Modification
Vulnerability
Patched
A vulnerability allowing insecure direct object reference (IDOR) has been identified in the signing invitation acceptance process of Foxit PDF Reader, Foxit PDF Editor, and Foxit eSign. This vulnerability arises from insufficient authorization validation on user-supplied object identifiers, which could be manipulated to access or modify unauthorized resources. Under certain conditions, this could lead to forged signatures, compromising the integrity and authenticity of documents in the signing process.
Impact
Exploitation of this vulnerability could result in horizontal privilege escalation, allowing an attacker to access or modify resources belonging to another user, potentially leading to unauthorized changes in document signatures.
Remediation
Users can update to the latest versions of Foxit PDF Reader or Foxit PDF Editor. For Foxit PDF Reader, the updated version can be downloaded from the Foxit website or via the application's update feature. For Foxit PDF Editor, the latest version is also available on the Foxit website or through the application's update option. Foxit eSign has been automatically updated to address this vulnerability.
Added: Apr 1, 2026, 2:19 AM
Updated: Apr 1, 2026, 2:19 AM
Vulnerability Rating
Custom Algorithm
spread
6.6impact
5.0exploitability
3.3remediation
7.7relevance
5.1threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.