CVE-2025-66502

6.3 MEDIUM

📋 TL;DR

A stored XSS vulnerability in Foxit PDF Online's Page Templates feature allows attackers to inject malicious scripts into template names. When users load affected PDFs, the scripts execute automatically in their browsers. This affects all users of pdfonline.foxit.com who create or view PDFs with malicious templates.

💻 Affected Systems

Products:
  • Foxit PDF Online (pdfonline.foxit.com)
Versions: All versions prior to patch
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the web interface at pdfonline.foxit.com; desktop/mobile apps are not impacted.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or deploy malware through drive-by downloads.

🟠 Likely Case

Session hijacking, credential theft, or defacement of PDF content viewed by multiple users.

🟢 If Mitigated

Impact is limited to isolated browser sessions when proper CSP headers and modern browser XSS protections are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authentication to create templates, but stored payloads affect all viewers. Simple JavaScript injection with minimal technical skill needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Foxit security bulletins for specific version

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: No

Instructions:

1. Visit the Foxit security bulletins page.
2. Apply the latest update to pdfonline.foxit.com.
3. Clear the browser cache and test template functionality.

🔧 Temporary Workarounds

Disable Page Templates Feature (applies to: all)

Temporarily disable template creation and usage until patched.

How: Contact Foxit support to disable the feature at the admin level.

Implement Content Security Policy (applies to: all)

Add CSP headers to restrict script execution sources.

How: Add a "Content-Security-Policy: script-src 'self'" response header on the web server. A script-src policy that does not allow 'unsafe-inline' is what stops an injected inline script tag from running; since the header is set by whoever serves pdfonline.foxit.com, on the hosted service this is a vendor-side control rather than one a customer can apply.

🧯 If You Can't Patch

  • Restrict template creation to trusted administrators only
  • Implement web application firewall rules to block XSS payload patterns

🔍 How to Verify

Check if Vulnerable:

Create a template with name: <script>alert('XSS')</script> and check if alert triggers when PDF loads.

Check Version:

Check browser console or contact Foxit support for current version

Verify Fix Applied:

Attempt the same XSS payload; it should be sanitized or blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual template creation events
  • Long template names with script tags

Network Indicators:

  • JavaScript payloads in HTTP POST requests to template endpoints

SIEM Query:

source="web_logs" AND (uri_path="/templates" OR uri_path="/pdf") AND (message CONTAINS "<script>" OR message CONTAINS "javascript:")
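The SIEM query above, turned into runnable detection logic over constructed log lines. This is an added example, not part of the advisory; the field names uri_path, message and id are assumed to mirror the query, and the check also catches percent-encoded and mixed-case variants that the literal CONTAINS match would miss.

```javascript
// Added example (not from the advisory): the SIEM query expressed as detection
// logic over constructed JSON access-log records. Field names (uri_path,
// message, id) are assumed to mirror the query; real log schemas differ.
const TEMPLATE_PATHS = ['/templates', '/pdf'];

// Case-insensitive match for a <script ...> tag or a javascript: URI.
const XSS_PATTERN = /<script\b|javascript:/i;

// Percent-decode a request body for inspection; leave malformed sequences
// as-is rather than throwing, so one bad record never stops the scan.
function decodeLoosely(text) {
  try {
    return decodeURIComponent(text);
  } catch (_) {
    return text;
  }
}

// True when the record targets a template endpoint and its body carries a
// script tag or javascript: URI, even if percent-encoded or mixed case
// (a literal CONTAINS "<script>" match would miss both variants).
function isSuspicious(record) {
  const path = record.uri_path || '';
  if (!TEMPLATE_PATHS.some((p) => path.startsWith(p))) return false;
  return XSS_PATTERN.test(decodeLoosely(record.message || ''));
}

// Parse one JSON record per line and return the ids of flagged requests.
function flagSuspiciousRequests(logLines) {
  return logLines
    .map((line) => JSON.parse(line))
    .filter(isSuspicious)
    .map((record) => record.id);
}

// Constructed sample log lines: 1, 2 and 5 should be flagged; 3 is a benign
// template name and 4 hits a non-template endpoint.
const SAMPLE_LOG = [
  '{"id":1,"method":"POST","uri_path":"/templates","message":"name=<script>alert(1)</script>"}',
  '{"id":2,"method":"POST","uri_path":"/templates","message":"name=%3CScRiPt%3Ealert(1)%3C%2FScRiPt%3E"}',
  '{"id":3,"method":"POST","uri_path":"/templates","message":"name=Quarterly report"}',
  '{"id":4,"method":"GET","uri_path":"/account","message":"<script>"}',
  '{"id":5,"method":"POST","uri_path":"/pdf","message":"name=javascript:alert(1)"}',
];

console.log(flagSuspiciousRequests(SAMPLE_LOG)); // [ 1, 2, 5 ]
```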

