CVE-2025-66495

Published Dec 19, 2025

Last updated 2 months ago

CVSS high 7.8

Overview

Description: A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.
Source: 14984358-7092-470d-8f34-ade47a7658a2
NVD status: Analyzed
Products: pdf_editor, pdf_reader

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

14984358-7092-470d-8f34-ade47a7658a2: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AAE67A0F-4DFE-4268-90D5-789CCA2155A6",
            "versionEndIncluding": "13.2.1.23955",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F1694C31-1717-40B3-9E11-773E39F288A8",
            "versionEndIncluding": "14.0.1.33197",
            "versionStartIncluding": "14.0.0.33046",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64",
            "versionEndIncluding": "2023.3.0.23028",
            "versionStartIncluding": "2023.1.0.15510",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580",
            "versionEndIncluding": "2024.4.1.27687",
            "versionStartIncluding": "2024.1.0.23997",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4AC7F7F1-B05D-48C7-9DD3-CFC7CBA2E275",
            "versionEndIncluding": "2025.2.1.33197",
            "versionStartIncluding": "2025.1.0.27937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "538915D1-1531-44A8-B15D-BCFE1356BCB5",
            "versionEndIncluding": "2025.2.1.33197",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "DF36C22F-253D-4ACE-A202-1BC66099FB43",
            "versionEndIncluding": "13.2.1.63315",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4EAD777E-152E-4870-8CFD-10A4ED542409",
            "versionEndIncluding": "14.0.1.69005",
            "versionStartIncluding": "14.0.0.33046",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8D41C109-FCCC-467D-AC01-37CE4106DC89",
            "versionEndIncluding": "2023.3.0.63083",
            "versionStartIncluding": "2023.1.0.15510",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A5CE4481-BEBB-4646-B235-DCE82AEBD265",
            "versionEndIncluding": "2024.4.1.66479",
            "versionStartIncluding": "2024.1.0.23997",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B0778A96-55FD-452C-88F5-EE42D2D8CE49",
            "versionEndIncluding": "2025.2.1.69005",
            "versionStartIncluding": "2025.1.0.27937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "83D931C5-F081-441F-8B29-4FDD7B32327A",
            "versionEndIncluding": "2025.2.1.69005",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References