PT-2025-50617 · Foxit · Foxit Pdf/Editor 2025+1
Published 2025-12-11 · Updated 2026-01-06 · CVE-2025-55309
CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Foxit PDF and Editor versions prior to 13.2
Foxit PDF and Editor 2025 versions prior to 2025.2
Description
A specially crafted PDF file containing JavaScript can trigger a use-after-free condition. This occurs when the JavaScript code attaches an OnBlur action to a form field and that action destroys an annotation. During a user’s right-click interaction, the program’s focus change handling prematurely releases the annotation object, leading to memory corruption or application crashes. The vulnerability is related to the handling of annotations and focus changes within the application.
Recommendations
Update Foxit PDF and Editor to version 13.2 or later.
Update Foxit PDF and Editor 2025 to version 2025.2 or later.
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Pdf Editor
Foxit Pdf/Editor 2025