PT-2025-50623 · Foxit · Foxit Pdf Editor+1
Christian Mainka +3
Published: 2025-12-11 · Updated: 2025-12-11
CVE-2025-59802
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Foxit PDF Editor and Reader versions prior to 2025.2.1
Description
The software allows for signature spoofing through the use of Optional Content Groups (OCG). When OCGs are supported, the state property of an OCG is runtime-only and is not included in the digital signature computation. An attacker can use JavaScript or PDF triggers to change the visibility of OCG content after signing, modifying the visual content of a signed PDF without invalidating the signature. This can lead to a discrepancy between the signed content and what is displayed to the signer or verifier, potentially compromising the trustworthiness of the digital signature.
Recommendations
Update to version 2025.2.1 or later.
Update to version 14.0.1 or later.
Update to version 13.2.1 or later.
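As an added example (not part of the advisory and not Foxit's code), the sketch below triages PDF bytes for the combination the description names: a signature, optional content, and a JavaScript or action trigger that could change OCG state. The token list, verdict names and sample bytes are assumptions chosen for illustration, and a "review" verdict is a prompt for manual inspection rather than proof of tampering.

```python
import re
import zlib

# PDF name tokens tied to the description: signature markers, optional
# content, and the actions/triggers that can change OCG visibility.
TOKENS = {
    "signature": (b"/ByteRange",),
    "ocg": (b"/OCProperties", b"/OCG", b"/OCMD"),
    "trigger": (b"/SetOCGState", b"/JavaScript", b"/JS", b"/OpenAction", b"/AA"),
}
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def scan_buffer(data: bytes) -> bytes:
    """Raw bytes plus every stream that inflates, with #xx name escapes decoded."""
    parts = [data]
    for m in STREAM.finditer(data):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed, or encrypted
    # /SetOCG#53tate is the same name as /SetOCGState; normalise before matching.
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), b"\n".join(parts))

def triage(data: bytes) -> dict:
    buf = scan_buffer(data)
    found = {
        group: sorted(n.decode() for n in names
                      if re.search(re.escape(n) + rb"(?![A-Za-z0-9])", buf))
        for group, names in TOKENS.items()
    }
    if found["signature"] and found["ocg"]:
        # Signed and layered: a trigger means visibility can change after signing.
        verdict = "review" if found["trigger"] else "note"
    else:
        verdict = "clear"
    return {"verdict": verdict, **found}

# Constructed samples (not real files).
SAMPLE_LAYERED = (
    b"1 0 obj << /Type /Catalog /OCProperties << /OCGs [4 0 R] >> >> endobj\n"
    b"2 0 obj << /Type /Sig /ByteRange [0 100 200 300] >> endobj\n"
    b"3 0 obj << /Filter /FlateDecode >> stream\n"
    + zlib.compress(b"<< /S /SetOCG#53tate /State [/OFF 4 0 R] >>")
    + b"\nendstream endobj\n"
)
SAMPLE_PLAIN = b"1 0 obj << /Type /Sig /ByteRange [0 100 200 300] >> endobj\n"
if __name__ == "__main__":
    print(triage(SAMPLE_LAYERED)["verdict"], triage(SAMPLE_PLAIN)["verdict"])
```

Streams using filters other than Flate, and encrypted documents, are not inflated here, so a "clear" verdict on such a file is inconclusive.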
Fix
Authentication Bypass by Spoofing
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Pdf Editor
Foxit Pdf Reader