CVE-2025-66497

5.3 MEDIUM

📋 TL;DR

A memory corruption vulnerability in Foxit PDF Reader allows attackers to execute arbitrary code by tricking users into opening malicious PDF files containing specially crafted PRC content. This affects all users of vulnerable Foxit PDF Reader versions who open untrusted PDF files. The vulnerability stems from insufficient bounds checking when parsing 3D annotation data.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Specific version range not provided in CVE description; check Foxit security bulletins for exact affected versions.
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations that process PDF files with 3D annotations/PRC content are vulnerable. The vulnerability is triggered when opening PDF files, regardless of security settings.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the current user, potentially leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Application crash (denial of service) or limited memory corruption that could be leveraged for information disclosure or further exploitation.

🟢 If Mitigated

No impact if users only open trusted PDF files from verified sources and the application is properly sandboxed.

🌐 Internet-Facing: MEDIUM - Attackers could host malicious PDFs on websites or distribute via email, but requires user interaction to open the file.
🏢 Internal Only: LOW - Primarily a client-side vulnerability; internal network exposure is limited unless PDF files are actively shared internally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious PDF) but no authentication. The CVSS score of 5.3 suggests moderate exploit complexity and impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Foxit security bulletins for patched version

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Visit Foxit security bulletins page
2. Identify the patched version for your product
3. Update Foxit PDF Reader to the latest version
4. Restart the application and system if prompted

🔧 Temporary Workarounds

Disable JavaScript in Foxit Reader

all

Prevents some exploitation vectors that use JavaScript to trigger the vulnerability

Open Foxit Reader > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View

all

Open untrusted PDFs in protected/sandboxed mode to limit potential damage

Open Foxit Reader > File > Preferences > Trust Manager > Check 'Enable Safe Reading Mode'

🧯 If You Can't Patch

  • Disable Foxit PDF Reader as default PDF handler and use alternative PDF viewers
  • Implement application whitelisting to block execution of vulnerable Foxit Reader versions

🔍 How to Verify

Check if Vulnerable:

Check Foxit Reader version against affected versions listed in Foxit security bulletins

Check Version:

Open Foxit Reader > Help > About Foxit Reader

Verify Fix Applied:

Confirm Foxit Reader version is updated to patched version specified in security bulletin

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of Foxit Reader
  • Unexpected process termination events
  • Memory access violation errors in application logs

Network Indicators:

  • Downloads of PDF files from suspicious sources
  • Email attachments with PDF files containing 3D content
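
To act on the "PDF files containing 3D content" indicator, a mail or file gateway can flag PDFs that declare 3D annotations or PRC streams before a user opens them. The following is an added example, not code from Foxit or from this advisory; the marker names (/Subtype /3D, /Type /3D, /Subtype /PRC) are taken from the PDF specification's 3D definitions rather than from this page, and a hit means only that the file carries 3D/PRC content and should go to sandboxed review.

```python
import re
import zlib

MAX_INFLATE = 8 * 1024 * 1024  # cap per-stream output to blunt decompression bombs

# PDF names may hide characters as #xx escapes (/P#52C is the same name as /PRC).
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
MARKERS = {
    # /Subtype /3D is a 3D annotation, /Type /3D is a 3D stream dictionary.
    "3d_object": re.compile(rb"/(?:Type|Subtype)\s*/3D(?![A-Za-z0-9])"),
    # A 3D stream whose payload is declared as PRC.
    "prc_stream": re.compile(rb"/Subtype\s*/PRC(?![A-Za-z0-9])"),
}

def _views(data):
    """Yield the raw bytes, then every stream body that inflates as zlib."""
    yield data
    for match in STREAM.finditer(data):
        try:
            # Annotation dictionaries can sit inside Flate-compressed object streams.
            yield zlib.decompressobj().decompress(match.group(1), MAX_INFLATE)
        except zlib.error:
            continue  # not zlib data; the raw view above still covers the dictionary

def scan_pdf_bytes(data):
    """Return the set of marker labels found in a PDF given as bytes."""
    hits = set()
    for view in _views(data):
        view = NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), view)
        hits.update(label for label, rx in MARKERS.items() if rx.search(view))
    return hits

# Constructed sample inputs (PDF fragments written for this example, not real files).
SAMPLE_PLAIN = (b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /3D /3DD 2 0 R >>\nendobj\n"
                b"2 0 obj\n<< /Type /3D /Subtype /PRC /Length 0 >>\nstream\n\nendstream\nendobj\n")
SAMPLE_ESCAPED = b"%PDF-1.7\n2 0 obj\n<< /Type/3D /Sub#74ype/P#52C >>\nendobj\n"
SAMPLE_OBJSTM = (b"%PDF-1.7\n3 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
                 + zlib.compress(b"1 0 << /Type /Annot /Subtype /3D >>") + b"\nendstream\nendobj\n")
SAMPLE_BENIGN = b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /Link >>\nendobj\n"

if __name__ == "__main__":
    for name in ("SAMPLE_PLAIN", "SAMPLE_ESCAPED", "SAMPLE_OBJSTM", "SAMPLE_BENIGN"):
        print(name, sorted(scan_pdf_bytes(globals()[name])))
```

Streams using filters other than Flate, and the contents of encrypted PDFs, are not inflated here, so treat an empty result as "no marker seen" rather than proof the file has no 3D content.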

SIEM Query:

(EventID=1000 OR EventID=1001) AND (Source='Foxit Reader' OR ProcessName='FoxitReader.exe') AND (ExceptionCode=0xc0000005 OR ExceptionCode=0xc0000409)
