CVE-2025-9324

5.5 MEDIUM

📋 TL;DR

Foxit PDF Reader contains an out-of-bounds read vulnerability when parsing PRC files, allowing attackers to disclose sensitive information from affected systems. This affects users who open malicious PDF files or visit compromised websites. User interaction is required for exploitation.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Specific versions not detailed in advisory - check vendor bulletin for affected versions
Operating Systems: Windows, macOS, Linux (if supported)
Default Config Vulnerable: ⚠️ Yes
Notes: All installations parsing PRC files are vulnerable. PRC (Product Representation Compact) is a 3D file format sometimes embedded in PDFs.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Information disclosure combined with other vulnerabilities could lead to arbitrary code execution in the current process context.

🟠 Likely Case: Sensitive memory contents disclosure, potentially revealing credentials, session data, or other confidential information.

🟢 If Mitigated: Limited information leakage without code execution if proper memory protections are in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction but malicious files can be delivered via web or email.
🏢 Internal Only: MEDIUM - Internal users opening malicious attachments or visiting compromised internal sites could be affected.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious file. Information disclosure alone may need chaining with other vulnerabilities for full compromise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Foxit security bulletin for latest patched version

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: No

Instructions:

1. Visit Foxit security bulletins page
2. Identify affected version range
3. Update to latest version
4. Verify update completed successfully

🔧 Temporary Workarounds

Disable PRC file parsing (all)
  • Configure Foxit Reader to disable PRC/3D content rendering if not required
  • Navigate to Edit > Preferences > 3D & Multimedia > Uncheck 'Enable 3D content'

Use alternative PDF viewer (all)
  • Temporarily use different PDF software until patched

🧯 If You Can't Patch

  • Restrict user permissions to limit impact of information disclosure
  • Implement application whitelisting to prevent unauthorized PDF readers

🔍 How to Verify

Check if Vulnerable:

Check Foxit Reader version against vendor advisory. Versions listed as vulnerable in ZDI-25-868 or Foxit bulletin are affected.

Check Version:

In Foxit Reader: Help > About Foxit Reader

Verify Fix Applied:

Verify Foxit Reader version is updated beyond vulnerable versions listed in advisory.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening PDF files
  • Unexpected memory access errors in application logs

Network Indicators:

  • Downloads of PDF files from untrusted sources
  • Network traffic to known malicious domains delivering PDFs

SIEM Query:

Application-crash events (on Windows, Application Error Event ID 1000) where the faulting application is Foxit Reader, OR process-creation events for Foxit Reader whose parent process is unexpected (for example a mail client or browser)
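The query above as concrete triage logic, as an added example that is not from the advisory or from Foxit: it runs the two indicators (a Foxit Reader application crash, and Foxit Reader launched by a mail client, browser or Office parent) over constructed sample Windows event records. Event IDs 1000 and 4688 are the standard Windows Application Error and process-creation events; the Foxit executable name and the list of suspicious parents are assumptions.

```python
from typing import Dict, List

# Constructed sample events (not real telemetry), shaped like Windows
# Application Error (1000) and Security process-creation (4688) records.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 1000, "Application": "FoxitPDFReader.exe",
     "ExceptionCode": "0xc0000005"},                      # access violation
    {"EventID": 4688,
     "NewProcessName": r"C:\Program Files\Foxit Software\FoxitPDFReader.exe",
     "ParentProcessName": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE"},
    {"EventID": 4688,
     "NewProcessName": r"C:\Program Files\Foxit Software\FoxitPDFReader.exe",
     "ParentProcessName": r"C:\Windows\explorer.exe"},    # normal launch
    {"EventID": 1000, "Application": "notepad.exe",
     "ExceptionCode": "0xc0000005"},                      # unrelated crash
]

# Assumptions: Foxit is matched by the substring "foxit" (covers FoxitReader.exe
# and FoxitPDFReader.exe); the parent list is a constructed baseline, not vendor data.
FOXIT_MARKER = "foxit"
SUSPICIOUS_PARENTS = {"outlook.exe", "thunderbird.exe", "chrome.exe",
                      "msedge.exe", "firefox.exe", "winword.exe", "excel.exe"}

def _basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_foxit_crash(event: Dict) -> bool:
    """Application Error event raised by a Foxit process."""
    return (event.get("EventID") == 1000
            and FOXIT_MARKER in _basename(event.get("Application", "")))

def is_suspicious_foxit_launch(event: Dict) -> bool:
    """Foxit started by a mail client, browser or Office application."""
    if event.get("EventID") != 4688:
        return False
    child = _basename(event.get("NewProcessName", ""))
    parent = _basename(event.get("ParentProcessName", ""))
    return FOXIT_MARKER in child and parent in SUSPICIOUS_PARENTS

def triage(events: List[Dict]) -> List[str]:
    """One finding per event matching either indicator, in input order."""
    findings = []
    for e in events:
        if is_foxit_crash(e):
            findings.append(f"crash:{e.get('ExceptionCode', '?')}")
        elif is_suspicious_foxit_launch(e):
            findings.append(f"launch:{_basename(e['ParentProcessName'])}")
    return findings
```

Running `triage(SAMPLE_EVENTS)` flags the crash and the Outlook-spawned launch while leaving the Explorer-launched Foxit and the unrelated notepad crash alone; in production the ExceptionCode and parent are what an analyst pivots on next.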
