F

Foxit Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Foxit products.

15 known CVE vulnerabilities tracked

Critical
0
High
5
Medium
10
Low
0
None
0

Vulnerabilities By Year

15
2025

Products Affected

Pdf Editor 8 Pdf Editor Cloud 7

All Foxit CVEs

Recent Highest Score Oldest
CVE-2025-66522
6.3 medium

A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result, e

Pdf Editor Cloud Dec 19, 2025
CVE-2025-66521
6.3 medium

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time th

Pdf Editor Cloud Dec 19, 2025
CVE-2025-66520
6.3 medium

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craf

Pdf Editor Cloud Dec 19, 2025
CVE-2025-66519
6.3 medium

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected scr

Pdf Editor Cloud Dec 19, 2025
CVE-2025-66502
6.3 medium

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected

Pdf Editor Cloud Dec 19, 2025
CVE-2025-66501
6.3 medium

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the injec

Pdf Editor Cloud Dec 19, 2025
CVE-2025-66500
6.3 medium

A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received.

Pdf Editor Cloud Dec 19, 2025
CVE-2025-66499
7.8 high

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.

Pdf Editor Dec 19, 2025
CVE-2025-66498
5.3 medium

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.

Pdf Editor Dec 19, 2025
CVE-2025-66497
5.3 medium

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.

Pdf Editor Dec 19, 2025
CVE-2025-66496
5.3 medium

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.

Pdf Editor Dec 19, 2025
CVE-2025-66495
7.8 high

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allo

Pdf Editor Dec 19, 2025
CVE-2025-66494
7.8 high

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.

Pdf Editor Dec 19, 2025
CVE-2025-66493
7.8 high

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, poten

Pdf Editor Dec 19, 2025
CVE-2025-13941
8.8 high

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are

Pdf Editor Dec 19, 2025