CVE-2025-55314 – This vulnerability in Foxit PDF software allows... (How to Fix)

Q: What is the severity of CVE-2025-55314?

CVE-2025-55314 has a CVSS score of 7.8 (HIGH). This vulnerability in Foxit PDF software allows memory corruption when pages are deleted via JavaScript, potentially enabling arbitrary code execution. It affects Windows and macOS users running Foxit PDF Reader/Editor versions before 13.2 and 2025 before 2025.2.

📋 TL;DR

This vulnerability in Foxit PDF software allows memory corruption when pages are deleted via JavaScript, potentially enabling arbitrary code execution. It affects Windows and macOS users running Foxit PDF Reader/Editor versions before 13.2 and 2025 before 2025.2.

💻 Affected Systems

Products:

Foxit PDF Reader
Foxit PDF Editor

Versions: All versions before 13.2 and 2025 before 2025.2

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires JavaScript execution enabled (default in Foxit).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with attacker gaining full control of the system through a malicious PDF file.

🟠

Likely Case

Application crashes and denial of service when processing specially crafted PDF documents.

🟢

If Mitigated

Limited to application crashes if memory corruption doesn't lead to code execution.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction to open malicious PDF.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 13.2 or 2025.2

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit application
2. Go to Help > Check for Updates
3. Follow prompts to install latest version
4. Restart application

🔧 Temporary Workarounds

Disable JavaScript in Foxit

windows

Prevents JavaScript execution in PDF files, blocking the trigger mechanism

Open Foxit > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use alternative PDF viewer

all

Temporarily use different PDF software until patched

🧯 If You Can't Patch

Restrict PDF file sources to trusted locations only
Implement application whitelisting to block Foxit execution

🔍 How to Verify

Check if Vulnerable:

Check Foxit version in Help > About. If version is below 13.2 or 2025.2, system is vulnerable.

Check Version:

On Windows: wmic product where name like "Foxit%" get version

Verify Fix Applied:

Confirm version is 13.2 or higher (for version 13.x) or 2025.2 or higher (for version 2025.x).

📡 Detection & Monitoring

Log Indicators:

Application crash logs from Foxit processes
Unexpected memory access errors in system logs

Network Indicators:

Downloads of PDF files from untrusted sources
PDF files with embedded JavaScript

SIEM Query:

source="*foxit*" AND (event_type="crash" OR error="memory" OR error="access_violation")

📊 Metadata

CVE ID: CVE-2025-55314

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-476

EPSS Score: 0.01% exploit probability (1th percentile)

Published: December 11, 2025

Last Updated: December 18, 2025

🔗 References

https://www.foxit.com/support/security-bulletins.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-55314, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Reader by Foxit

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable JavaScript in Foxit

Use alternative PDF viewer

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities