CVE-2025-66498

5.3 MEDIUM

📋 TL;DR

A memory corruption vulnerability in Foxit PDF Reader's handling of 3D annotations, caused by insufficient bounds checking while parsing embedded U3D/PRC content, can be triggered by a crafted PDF. An attacker who convinces a user to open such a file can crash the reader or execute arbitrary code with that user's privileges. Anyone running an unpatched Foxit PDF Reader who opens untrusted PDF documents is affected.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Versions prior to the patched release (specific version TBD from vendor advisory)
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with 3D annotation support enabled are vulnerable. The vulnerability specifically affects the U3D/PRC parsing component.

📦 What is this software?

Foxit PDF Reader is Foxit Software's free PDF viewer for Windows, macOS and Linux, widely deployed as an alternative to Adobe Acrobat Reader. Among its features is rendering of PDF 3D annotations, whose embedded models are stored in U3D or PRC format; that parsing component is the one affected here.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the user who opened the file, potentially leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Application crash (denial of service) or limited memory corruption that could be leveraged for information disclosure or chained with other bugs for further exploitation.

🟢 If Mitigated

Application crash with no data loss, provided the reader runs with 3D content disabled or inside a sandbox with standard exploit mitigations (ASLR, DEP) enabled.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening a malicious PDF) but could be delivered via email, web downloads, or compromised websites.
🏢 Internal Only: MEDIUM - Similar risk profile internally; malicious PDFs could be distributed via internal phishing or file shares.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation needs a user to open a crafted PDF in a vulnerable build with 3D support enabled; the attacker needs no credentials or prior access to the host. No public proof of concept is known at the time of writing, but memory corruption bugs in PDF readers have historically been weaponized quickly once a patch or technical details become public, so do not treat that as lasting protection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check latest version on Foxit's security bulletins page

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Visit Foxit's security bulletins page
2. Download the latest version of Foxit PDF Reader
3. Install the update
4. Restart the application

🔧 Temporary Workarounds

Disable 3D content in Foxit Reader (all platforms)

Prevents parsing of the U3D/PRC content that triggers the vulnerability. Open Foxit Reader > File > Preferences > Security > Uncheck 'Enable 3D'. Confirm the exact option name and location in the version you run, and push the setting through group policy or configuration management where your deployment supports it, so users cannot re-enable it.

Use an alternative PDF viewer (all platforms)

Temporarily open untrusted PDFs in a different reader until the patched Foxit release is installed. This trades one parser's attack surface for another's, so keep the alternative viewer patched too.

🧯 If You Can't Patch

  • Use application allow-listing to block Foxit Reader from running until it can be updated, accepting the availability impact; if the reader must stay in use, pair this with the 3D-content workaround above instead
  • Use email and web filtering to quarantine PDFs from untrusted senders or sites; blocking all PDFs is rarely operationally viable, so prefer rules that single out files containing 3D annotation or U3D/PRC stream objects
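
A gateway or mail-filter rule that quarantines only PDFs carrying 3D content needs to recognise the PDF structures involved. The following is an added example written for this advisory, not Foxit's tooling or code from the original page. It scans raw PDF bytes for the 3D annotation dictionary (/Subtype /3D) and the 3D stream dictionary (/Type /3D with /Subtype /U3D or /PRC) defined in ISO 32000-1 section 13.6, and it flags the case a naive scanner gets wrong: objects hidden inside compressed object streams (/Type /ObjStm), where a negative result is not conclusive. The sample PDFs are constructed for the demonstration and contain no exploit.

```python
"""Triage incoming PDFs for embedded 3D (U3D/PRC) content before they reach Foxit Reader.

Added example for this advisory; it is not Foxit's tooling or part of the original page.
It looks for the structures ISO 32000-1 section 13.6 defines for 3D models:
  - a 3D annotation dictionary:  /Type /Annot /Subtype /3D
  - a 3D stream dictionary:      /Type /3D with /Subtype /U3D or /Subtype /PRC
The sample PDFs are constructed for the demonstration and are not exploit files.
"""
import re

# PDF tokens may be separated by any run of the six PDF whitespace bytes.
_WS = rb"[\x00\t\n\x0c\r ]*"
_END = rb"(?![A-Za-z0-9])"          # so that /3D does not also match /3DD etc.
ANNOT_3D  = re.compile(rb"/Subtype" + _WS + rb"/3D" + _END)
STREAM_3D = re.compile(rb"/Type" + _WS + rb"/3D" + _END)
FORMAT_3D = re.compile(rb"/Subtype" + _WS + rb"/(U3D|PRC)" + _END)
OBJSTM    = re.compile(rb"/Type" + _WS + rb"/ObjStm" + _END)


def scan_pdf_bytes(data: bytes) -> dict:
    """Return what the raw bytes reveal about 3D content in one PDF.

    Objects stored inside compressed object streams (/Type /ObjStm) are invisible
    to a byte-level scan, so a negative result is only marked conclusive when no
    object streams are present; otherwise the caller must decompress and rescan.
    """
    formats = sorted({m.group(1).decode() for m in FORMAT_3D.finditer(data)})
    has_3d = bool(ANNOT_3D.search(data) or STREAM_3D.search(data) or formats)
    has_objstm = bool(OBJSTM.search(data))
    return {
        "has_3d": has_3d,
        "formats": formats,
        "has_objstm": has_objstm,
        "conclusive": has_3d or not has_objstm,
    }


def triage(data: bytes) -> str:
    """Policy decision: QUARANTINE known 3D content, INSPECT opaque files, ALLOW the rest."""
    result = scan_pdf_bytes(data)
    if result["has_3d"]:
        return "QUARANTINE"
    if not result["conclusive"]:
        return "INSPECT"
    return "ALLOW"


# --- constructed samples -----------------------------------------------------
_HEADER = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
           b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n")
_TRAILER = b"trailer << /Root 1 0 R >>\n%%EOF\n"

SAMPLE_WITH_3D = _HEADER + (
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /3D /Rect [0 0 200 200] /3DD 5 0 R >> endobj\n"
    b"5 0 obj << /Type /3D /Subtype /PRC /Length 0 >> stream\nendstream endobj\n"
) + _TRAILER

SAMPLE_PLAIN = _HEADER + (
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] >> endobj\n"
) + _TRAILER

# No visible 3D objects, but a compressed object stream could be hiding them.
SAMPLE_OBJSTM = _HEADER + (
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"6 0 obj << /Type /ObjStm /N 2 /First 16 /Filter /FlateDecode /Length 8 >> stream\n"
    b"x\x9c\x03\x00\x00\x00\x00\x01\nendstream endobj\n"
) + _TRAILER

if __name__ == "__main__":
    for name, pdf in [("with_3d", SAMPLE_WITH_3D), ("plain", SAMPLE_PLAIN), ("objstm", SAMPLE_OBJSTM)]:
        print(f"{name:8s} {triage(pdf):10s} {scan_pdf_bytes(pdf)}")
```

Run it against a directory of attachments and route QUARANTINE files away from users; INSPECT files should be decompressed (any PDF library that expands object streams will do) and rescanned rather than allowed through, since an attacker who knows a filter is looking for /3D will hide the annotation in an object stream.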

🔍 How to Verify

Check if Vulnerable:

Check Foxit Reader version against the patched version in the vendor advisory

Check Version:

Windows: Open Foxit Reader > Help > About; macOS/Linux: Check application info or package manager

Verify Fix Applied:

Verify Foxit Reader version matches or exceeds the patched version
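
Checking one workstation in Help > About is fine; checking a fleet means comparing exported version strings against the patched build, and a common mistake is comparing them as strings. The following is an added example for this verification step, not from the advisory or from Foxit. It compares versions numerically, component by component, and zero-pads short versions so that a release reported without a build number is not misjudged. PATCHED_VERSION is a constructed placeholder, since the advisory above does not yet name the fixed build; the host inventory is constructed too, using Foxit's four-part year.major.minor.build scheme.

```python
"""Compare installed Foxit PDF Reader versions against the patched release.

Added example for the verification step above; it is not from the advisory or
from Foxit. Versions are compared component by component as integers, because a
plain string comparison ranks "2024.2.1" above "2024.10.0". The patched version
must come from Foxit's security bulletin once it names one; PATCHED_VERSION and
the host inventory below are constructed placeholders.
"""
import re
from typing import Dict, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """'2024.2.1.25153' -> (2024, 2, 1, 25153). Any non-numeric text is ignored."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"no numeric components in version string {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, patched: str) -> bool:
    """True when the installed build sorts below the patched build.

    Shorter tuples are zero-padded so that '2025.1' equals '2025.1.0.0' rather
    than sorting below it.
    """
    a, b = parse_version(installed), parse_version(patched)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def report(inventory: Dict[str, str], patched: str) -> Dict[str, str]:
    """Map each host to VULNERABLE, PATCHED or UNKNOWN (version string unparseable)."""
    status = {}
    for host, version in inventory.items():
        try:
            status[host] = "VULNERABLE" if is_vulnerable(version, patched) else "PATCHED"
        except ValueError:
            status[host] = "UNKNOWN"
    return status


# Constructed data: replace PATCHED_VERSION with the build named in the bulletin
# and feed INVENTORY from your endpoint-management export (Help > About on Windows,
# the application info or package manager on macOS/Linux).
PATCHED_VERSION = "2025.1.0.0"
INVENTORY = {
    "ws-01": "2024.10.3.27890",
    "ws-02": "2025.1.0.0",
    "ws-03": "2025.1",          # same release reported without a build number
    "ws-04": "2024.9.0.25000",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for host, status in report(INVENTORY, PATCHED_VERSION).items():
        print(f"{host}: {status}")
```

Hosts reported as UNKNOWN need a manual look rather than being assumed patched; an inventory tool that returns no version for a machine that does have Foxit installed is the usual reason.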

📡 Detection & Monitoring

Log Indicators:

  • Crash reports from the Foxit Reader process shortly after a PDF was opened
  • On Windows, Application log Event ID 1000 (Application Error) entries naming the Foxit executable, typically with exception code 0xc0000005 (access violation); on macOS and Linux, crash reporter output or core dumps for the reader process

Network Indicators:

  • PDF downloads from untrusted sources
  • Email attachments containing PDF files

Both network indicators are high-volume and not alertable on their own; use them for correlation, for example a PDF arriving on a host minutes before Foxit Reader crashes there.

SIEM Query (pseudo-query; map the field names to your platform):

source="*foxit*" AND (event_type="crash" OR error="access_violation")
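
The pseudo-query above needs real field logic behind it. The following is an added example for this detection section, not part of the original advisory or any Foxit product. It classifies Windows Application log records in the shape of Event ID 1000 ("Application Error") messages, keeps only Foxit crashes whose NTSTATUS exception code indicates a memory-safety fault, and raises severity when a PDF reached the same host shortly before the crash. The executable name FoxitPDFReader.exe, the version strings and the PDF-arrival events are assumptions constructed for the demonstration.

```python
"""Flag Foxit PDF Reader crashes that look like memory corruption, from Windows event data.

Added example for the detection section; not part of the original advisory. The
records are constructed in the shape of Windows Application log Event ID 1000
("Application Error") messages. The executable name FoxitPDFReader.exe, the
version strings and the PDF-arrival events are assumptions made for the demo.
"""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# NTSTATUS exception codes that point at memory-safety faults. Ordinary handled
# failures (e.g. 0xe0434352, a .NET exception) are deliberately left out.
MEMORY_FAULT_CODES = {
    "0xc0000005": "access violation",
    "0xc0000409": "stack buffer overrun / fail-fast",
    "0xc000001d": "illegal instruction",
}
FOXIT_EXE = re.compile(r"foxit", re.IGNORECASE)   # FoxitPDFReader.exe and older FoxitReader.exe
APP_RE = re.compile(r"Faulting application name:\s*([^,\s]+)")
CODE_RE = re.compile(r"Exception code:\s*(0x[0-9a-fA-F]{8})")


def classify_event(event: Dict) -> Optional[Dict]:
    """Return a finding for Event ID 1000 records naming a Foxit binary with a memory-fault code."""
    if event.get("event_id") != 1000 or event.get("source") != "Application Error":
        return None
    app = APP_RE.search(event["message"])
    code = CODE_RE.search(event["message"])
    if not app or not FOXIT_EXE.search(app.group(1)):
        return None
    if not code or code.group(1).lower() not in MEMORY_FAULT_CODES:
        return None
    key = code.group(1).lower()
    return {"host": event["host"], "time": event["time"], "app": app.group(1),
            "code": key, "meaning": MEMORY_FAULT_CODES[key], "severity": "medium"}


def correlate(crashes: List[Dict], pdf_arrivals: List[Dict],
              window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """Raise severity to high when a PDF reached the same host shortly before the crash.

    PDF downloads and attachments are far too common to alert on alone; they only
    become interesting next to a crash on the same host.
    """
    for crash in crashes:
        for arrival in pdf_arrivals:
            delta = crash["time"] - arrival["time"]
            if arrival["host"] == crash["host"] and timedelta(0) <= delta <= window:
                crash["severity"] = "high"
                crash["pdf"] = arrival["file"]
    return crashes


# --- constructed sample data -------------------------------------------------
EVENTS = [
    {"host": "ws-01", "time": datetime(2025, 3, 4, 9, 12), "event_id": 1000, "source": "Application Error",
     "message": ("Faulting application name: FoxitPDFReader.exe, version: 2024.2.1.25153, time stamp: 0x65f1a2b3\n"
                 "Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000\n"
                 "Exception code: 0xc0000005\nFault offset: 0x0000000000001234")},
    {"host": "ws-02", "time": datetime(2025, 3, 4, 9, 30), "event_id": 1000, "source": "Application Error",
     "message": "Faulting application name: notepad.exe, version: 10.0.19041.1\nException code: 0xc0000005"},
    {"host": "ws-03", "time": datetime(2025, 3, 4, 10, 5), "event_id": 1000, "source": "Application Error",
     "message": "Faulting application name: FoxitPDFReader.exe, version: 2024.2.1.25153\nException code: 0xe0434352"},
    {"host": "ws-01", "time": datetime(2025, 3, 4, 9, 13), "event_id": 1001, "source": "Windows Error Reporting",
     "message": "Fault bucket 1234, type 1"},
]
PDF_ARRIVALS = [  # e.g. from a proxy or mail gateway
    {"host": "ws-01", "time": datetime(2025, 3, 4, 9, 8), "file": "quote_model.pdf"},
    {"host": "ws-03", "time": datetime(2025, 3, 4, 8, 0), "file": "newsletter.pdf"},
]


def run_detection() -> List[Dict]:
    crashes = [f for f in (classify_event(e) for e in EVENTS) if f]
    return correlate(crashes, PDF_ARRIVALS)


if __name__ == "__main__":
    for finding in run_detection():
        print(finding)
```

A single access-violation crash is weak evidence on its own, since the reader also crashes on malformed but benign files; the value is in the correlation and in collecting the offending PDF from the host for the triage described under mitigation.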
