PT-2025-52421 · Foxit · Foxit Pdf Editor+1
Published: 2025-12-19 · Updated: 2025-12-24 · CVE-2025-66493
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Foxit PDF Reader versions prior to 2025.2.1
Foxit PDF Editor versions prior to 2025.2.1, 14.0.1 and 13.2.1
Description
A use-after-free issue exists in the AcroForm handling of the software. Opening a PDF file with specially crafted JavaScript can lead to accessing or dereferencing a pointer to already freed memory. This could allow a remote attacker to potentially execute arbitrary code.
Recommendations
Update Foxit PDF Reader to version 2025.2.1 or later.
Update Foxit PDF Editor to version 2025.2.1, 14.0.1, or 13.2.1 or later.
Fix
RCE
Use After Free
Affected Products
Foxit Pdf Editor
Foxit Pdf Reader