CVE-2025-55309

EUVD-2025-202710

11.12.2025, 16:16

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA-ADP	ADP	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
foxit	pdf_editor	𝑥 ≤ 13.1.7.63027
foxit	pdf_editor	2023.1.0.55583 ≤ 𝑥 ≤ 2023.3.0.63083
foxit	pdf_editor	2024.1.0.63682 ≤ 𝑥 ≤ 2024.4.1.66479
foxit	pdf_editor	2025.1.0.66692
foxit	pdf_reader	𝑥 ≤ 2025.1.0.66692
foxit	pdf_editor	𝑥 ≤ 13.1.7.23637
foxit	pdf_editor	2023.1.0.15510 ≤ 𝑥 ≤ 2023.3.0.23028
foxit	pdf_editor	2024.1.0.23997 ≤ 𝑥 ≤ 2024.4.1.27687
foxit	pdf_editor	2025.1.0.27937
foxit	pdf_reader	𝑥 ≤ 2025.1.0.27937

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://www.foxit.com/support/security-bulletins.html