CVE-2025-55307
📋 TL;DR
This vulnerability in Foxit PDF software allows attackers to trigger an out-of-bounds read by tricking users into opening malicious PDF files containing crafted JavaScript. The flaw could lead to information disclosure or memory corruption. Users of Foxit PDF Reader and Editor on Windows are affected.
💻 Affected Systems
- Foxit PDF Reader
- Foxit PDF Editor
⚠️ Risk & Real-World Impact
Worst Case
Memory corruption leading to arbitrary code execution or sensitive information disclosure from process memory
Likely Case
Application crash or limited information disclosure from memory
If Mitigated
No impact if JavaScript execution is disabled or malicious PDFs are blocked
🎯 Exploit Status
Exploitation requires user interaction: the victim must open the malicious PDF in Foxit with JavaScript execution enabled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Foxit PDF Reader/Editor 13.2 or 2025.2
Vendor Advisory: https://www.foxit.com/support/security-bulletins.html
Restart Required: Yes
Instructions:
1. Download the latest version from the Foxit website
2. Run the installer
3. Restart the system
4. Verify the version in Help > About
🔧 Temporary Workarounds
Disable JavaScript in Foxit (Windows)
Prevents JavaScript execution in PDFs, blocking the attack vector
File > Preferences > JavaScript > Uncheck 'Enable JavaScript'
Use alternative PDF viewer (Windows)
Temporarily use the Windows built-in PDF viewer or other unaffected software
🧯 If You Can't Patch
- Block PDF files at network perimeter/email gateway
- Educate users not to open PDFs from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check Foxit version in Help > About menu
Check Version:
Not applicable - check via GUI in Help > About
Verify Fix Applied:
Confirm version is 13.2 or higher (or 2025.2 for 2025 series)
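For fleet-wide checks the GUI is impractical. The following PowerShell is an added example, not part of the advisory: it reads installed Foxit products from the standard Windows Uninstall registry keys and compares each DisplayVersion against the fixed version named above (13.2 for the 13.x series, 2025.2 for the 2025 series). The registry paths and the `DisplayName`/`DisplayVersion` values are standard Windows; the `Foxit PDF*` name match and the per-series comparison are assumptions based on the advisory's wording, and builds from a series the advisory does not mention (for example 2024.x) are flagged rather than judged.

```powershell
# Added example (not from the advisory): compare installed Foxit versions
# against the patched versions the advisory names.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-FoxitPatchStatus {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Foxit PDF*' -and $_.DisplayVersion } |  # assumed name pattern
        ForEach-Object {
            $v = $null
            # [version] needs at least "major.minor"; anything else is reported, not compared
            if (-not [version]::TryParse($_.DisplayVersion, [ref]$v)) {
                return [pscustomobject]@{ Product = $_.DisplayName; Version = $_.DisplayVersion; Fixed = $null; Status = 'unparseable version' }
            }
            # Fixed version depends on the series the installed build belongs to (advisory values)
            $fixed = if ($v.Major -ge 2025) { [version]'2025.2' }
                     elseif ($v.Major -eq 13) { [version]'13.2' }
                     else { $null }
            $status = if ($null -eq $fixed) { 'series not named in advisory; check vendor bulletin' }
                      elseif ($v -ge $fixed) { 'patched' }
                      else { "vulnerable (needs $fixed or later)" }
            [pscustomobject]@{ Product = $_.DisplayName; Version = $v; Fixed = $fixed; Status = $status }
        }
}

Get-FoxitPatchStatus | Format-Table -AutoSize
```

A four-part DisplayVersion such as 13.2.0.xxxxx compares as greater than or equal to the two-part `[version]'13.2'`, so a 13.2 build of any revision is reported as patched and any 13.1.x build as vulnerable. Run it under an account that can read HKLM, or push it through your endpoint management tool and collect the `Status` column.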
📡 Detection & Monitoring
Log Indicators:
- Foxit crash logs
- Windows Application Error events with Foxit process
Network Indicators:
- PDF downloads from suspicious sources
SIEM Query:
(EventID=1000 OR EventID=1001) AND ProcessName LIKE '%foxit%'
Note: without the parentheses, AND binds tighter than OR and the query returns every EventID=1000 event regardless of process.
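On an endpoint where no SIEM is collecting, the same indicator can be pulled directly from the Windows Application log. The script below is an added example, not from the advisory: it queries Application Error (1000) and Application Hang (1001) events whose first event property (the faulting or hung application name, for these two providers) contains "foxit", which is the advisory's SIEM query with the OR/AND grouping made explicit. The log name, provider names and event IDs are standard Windows; the default 7-day window and the `foxit` match string are assumptions. Windows Error Reporting also emits ID 1001 with a different property layout, so it is deliberately excluded by the provider filter.

```powershell
# Added example (not from the advisory): find Foxit crash and hang events
# in the local Application log.
function Get-FoxitCrashEvents {
    param([int]$Days = 7)   # assumed default window

    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Error', 'Application Hang'   # excludes WER's own 1001
        Id           = 1000, 1001
        StartTime    = (Get-Date).AddDays(-$Days)
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object {
            # Property 0 is the application name for both providers
            $_.Properties[0].Value -match '(?i)foxit'
        } |
        Select-Object TimeCreated, Id, ProviderName,
            @{ n = 'Process'; e = { $_.Properties[0].Value } },
            # Application Error (1000) carries the faulting module in property 3;
            # Application Hang (1001) has no module field
            @{ n = 'Module';  e = { if ($_.Id -eq 1000) { $_.Properties[3].Value } else { $null } } }
}

Get-FoxitCrashEvents -Days 30 | Format-Table -AutoSize
```

A crash with the faulting module inside the Foxit install directory shortly after a PDF was opened from mail or a download is the pattern worth triaging; `Get-WinEvent` returning nothing (or a "no events found" error, suppressed here) simply means no matching events in the window.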