Login Sign Up

CVE-2025-9323

5.5 MEDIUM

📋 TL;DR

This vulnerability in Foxit PDF Reader allows remote attackers to disclose sensitive information by tricking users into opening malicious JP2 files. The flaw exists in JP2 file parsing where improper data validation enables out-of-bounds reads. Affected users include anyone running vulnerable versions of Foxit PDF Reader.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Versions prior to the patch (specific version not provided in CVE)
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. JP2 file format support is typically enabled by default.

📦 What is this software?

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Reader by Foxit

View all CVEs affecting Pdf Reader →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure combined with other vulnerabilities could lead to arbitrary code execution in the current process context.

🟠

Likely Case

Sensitive memory content disclosure, potentially revealing credentials, session data, or other confidential information.

🟢

If Mitigated

Limited information leakage without code execution if proper memory protections are in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction but malicious files can be delivered via web pages or email.
🏢 Internal Only: LOW - Still requires user interaction but internal attack surface is more controlled.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file). Combined with other vulnerabilities for code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest version from Foxit (check vendor advisory)

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: No

Instructions:

1. Visit Foxit's security bulletins page. 2. Download and install the latest version. 3. Verify installation completes successfully.

🔧 Temporary Workarounds

Disable JP2 file support

all

Remove or disable JP2 file format handling in Foxit PDF Reader

Use alternative PDF viewer

all

Temporarily use a different PDF reader until patched

🧯 If You Can't Patch

  • Implement application whitelisting to block Foxit PDF Reader execution
  • Use email/web gateways to block JP2 file attachments and downloads

🔍 How to Verify

Check if Vulnerable:

Check Foxit PDF Reader version against vendor advisory. Versions prior to patch are vulnerable.

Check Version:

In Foxit PDF Reader: Help → About Foxit Reader

Verify Fix Applied:

Verify Foxit PDF Reader version matches or exceeds patched version from vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Foxit PDF Reader crash logs
  • Application error events related to JP2 parsing

Network Indicators:

  • Downloads of JP2 files followed by Foxit PDF Reader execution

SIEM Query:

Process:foxitreader.exe AND FileExtension:.jp2 OR FileExtension:.j2k

📊 Metadata

CVE ID: CVE-2025-9323
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE: CWE-125
EPSS Score: 0.03% exploit probability (6.7th percentile)
Published: September 2, 2025
Last Updated: September 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9323, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)