CVE-2025-55312

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foxit PDF and Editor versions prior to 13.2 Foxit PDF and Editor 2025 versions prior to 2025.2

Description A flaw exists in Foxit PDF and Editor where deleting pages in a PDF document using JavaScript can cause the application to incorrectly update its internal states. This can lead to issues when managing annotations, as the application assumes the internal states are valid, potentially resulting in memory corruption and application crashes. In certain scenarios, this could allow an attacker to execute arbitrary code. The issue involves dereferencing invalid or released memory.

Recommendations Update Foxit PDF and Editor to version 13.2 or later. Update Foxit PDF and Editor 2025 to version 2025.2 or later.

Fix

Out of bounds Read

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-476

Related Identifiers

BDU:2025-15882

CVE-2025-55312

Affected Products

Foxit Pdf Editor

Foxit Pdf/Editor 2025

CVE-2025-55312

Weakness Enumeration

Related Identifiers

Affected Products

References · 7