CVE-2025-13941

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
FoxitCNA
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
foxitpdf_editor
𝑥
≤ 13.2.1.23955
foxitpdf_editor
14.0.0.33046 ≤
𝑥
≤ 14.0.1.33197
foxitpdf_editor
2023.1.0.15510 ≤
𝑥
≤ 2023.3.0.23028
foxitpdf_editor
2024.1.0.23997 ≤
𝑥
≤ 2024.4.1.27687
foxitpdf_editor
2025.1.0.27937 ≤
𝑥
≤ 2025.2.1.33197
foxitpdf_reader
𝑥
≤ 2025.2.1.33197
𝑥
= Vulnerable software versions
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://www.foxit.com/support/security-bulletins.html