Security Vulnerability Report
CVE-2025-13941 CVSS 8.8 HIGH

CVE-2025-13941

Published: 2025-12-19 02:16:04
Last Modified: 2025-12-23 17:35:55
Source: 14984358-7092-470d-8f34-ade47a7658a2

Description

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Foxit PDF Reader < 2024.3.0.26798
Foxit PDF Editor < 2024.3.0.26798

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
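# CVE-2025-13941 Foxit PDF Update Service Privilege Escalation PoC
# This PoC demonstrates the permission misconfiguration vulnerability
#
# The script is read-only: it locates a Foxit installation, enumerates the
# executables/DLLs under the update-service and plugin directories, and asks
# icacls whether a low-privileged principal holds a write-capable right on
# them (CWE-732).  It never modifies files or ACLs.
import os
import re
import sys
import shutil
import subprocess
import time

# Default install roots checked by check_vulnerable_version().
FOXIT_INSTALL_PATHS = [
    r"C:\Program Files\Foxit Software\Foxit PDF Reader",
    r"C:\Program Files (x86)\Foxit Software\Foxit PDF Reader",
    r"C:\Program Files\Foxit Software\Foxit PDF Editor",
    r"C:\Program Files (x86)\Foxit Software\Foxit PDF Editor",
]

# Principals that any interactive local user is a member of.  The original
# script only looked at "Users"; "Authenticated Users" and "Everyone" grant the
# same low-privilege write access and are a common misconfiguration too.
# NOTE: names are the English icacls spellings; localized Windows builds print
# translated group names and would need this tuple extended.
LOW_PRIV_PRINCIPALS = ("Users", "Authenticated Users", "Everyone")

# icacls right tokens that let the holder change the file's content or its ACL:
# F/M/W simple rights, GA/GW generic all/write, WD/AD write/append data,
# WDAC/WO write-DACL/owner (owner or DACL control lets the holder grant itself write).
WRITE_RIGHTS = frozenset({"F", "M", "W", "GA", "GW", "WD", "AD", "WDAC", "WO"})

# One icacls access-control entry: `PRINCIPAL:(flag)(flag)(right)`.  On the
# first output line the principal is preceded by the file path, which is why
# has_insecure_ace() keeps only the last backslash-separated component.
_ACE_RE = re.compile(r"([^\r\n:]+?):((?:\([^)]*\))+)")
_PAREN_RE = re.compile(r"\(([^)]*)\)")


def check_vulnerable_version():
    """Locate a Foxit PDF Reader/Editor installation directory.

    Despite the name, no version comparison is performed: the function only
    probes the well-known install roots in FOXIT_INSTALL_PATHS.  Whether the
    installed build is actually patched must be confirmed against the vendor
    bulletin.

    Returns:
        (True, path) for the first existing install root, else (False, None).
    """
    for path in FOXIT_INSTALL_PATHS:
        if os.path.exists(path):
            print(f"[+] Foxit installation found at: {path}")
            return True, path
    return False, None


def find_update_service_resources(install_path):
    """Collect .exe/.dll files under the update-service and plugin directories.

    Args:
        install_path: Foxit installation root.

    Returns:
        List of absolute file paths.  Extension matching is case-insensitive
        because NTFS is (the original missed `.DLL`).  Directories that do not
        exist are skipped silently.
    """
    candidate_dirs = (
        os.path.join(install_path, "resources", "update"),
        os.path.join(install_path, "plugins"),
    )
    vulnerable_paths = []
    for base_dir in candidate_dirs:
        if not os.path.isdir(base_dir):
            continue
        for root, _dirs, files in os.walk(base_dir):
            vulnerable_paths.extend(
                os.path.join(root, name)
                for name in files
                if name.lower().endswith((".exe", ".dll"))
            )
    return vulnerable_paths


def has_insecure_ace(icacls_output):
    """Return True if icacls output grants a write-capable right to a low-privileged principal.

    Parses every `PRINCIPAL:(...)` entry in *icacls_output*, keeps those whose
    principal is one of LOW_PRIV_PRINCIPALS (matched on the last path
    component, so `BUILTIN\\Users` and `NT AUTHORITY\\Authenticated Users`
    both qualify), ignores DENY entries, and checks whether any granted
    token is in WRITE_RIGHTS.  Inheritance flags such as (I)(OI)(CI) are
    tolerated — the original substring test `Users:(M)` missed
    `Users:(I)(OI)(CI)(M)`, which is how inherited ACEs are printed.

    Args:
        icacls_output: stdout of `icacls <file>`; may be empty.

    Returns:
        bool
    """
    for principal, rights in _ACE_RE.findall(icacls_output):
        leaf = principal.rsplit("\\", 1)[-1].strip()
        # `leaf` may still carry the file path on the first line
        # ("file.dll Everyone"), hence the endswith fallback.
        if not any(leaf == name or leaf.endswith(" " + name) for name in LOW_PRIV_PRINCIPALS):
            continue
        tokens = {
            token.strip()
            for group in _PAREN_RE.findall(rights)
            for token in group.split(",")
        }
        if "DENY" in tokens:
            continue
        if tokens & WRITE_RIGHTS:
            return True
    return False


def check_file_permissions(file_path):
    """Ask icacls whether *file_path* is writable by a low-privileged principal.

    Args:
        file_path: file to inspect.

    Returns:
        True if has_insecure_ace() reports a weak ACE.  False when icacls is
        unavailable (non-Windows), fails, times out, or reports no such ACE;
        the error is printed so a False is never silently mistaken for "secure".
    """
    try:
        result = subprocess.run(
            ["icacls", file_path],
            capture_output=True,
            text=True,
            timeout=30,
        )
    except (OSError, subprocess.SubprocessError) as e:
        print(f"[-] Error checking permissions: {e}")
        return False
    if result.returncode != 0:
        print(f"[-] icacls failed for {file_path}: {result.stderr.strip()}")
        return False
    return has_insecure_ace(result.stdout)


def main():
    """Entry point: find Foxit, list update-service binaries, report weak ACLs.

    A "NOT vulnerable" verdict only means no weak ACE was found on the
    enumerated files; it is not a version check.
    """
    print("=" * 60)
    print("CVE-2025-13941 Foxit PDF Update Service EoP Checker")
    print("=" * 60)
    # Check for Foxit installation
    is_installed, install_path = check_vulnerable_version()
    if not is_installed:
        print("[-] Foxit PDF Reader/Editor not found on this system")
        return
    print("[+] Searching for update service resources...")
    resources = find_update_service_resources(install_path)
    if not resources:
        print("[-] No update service resources found")
        return
    print(f"[+] Found {len(resources)} potential target files")
    vulnerable_files = []
    for resource in resources:
        print(f"\n[*] Checking: {resource}")
        if check_file_permissions(resource):
            print(f"[+] VULNERABLE: {resource}")
            print("[+] File has insecure permissions allowing modification by low-privilege users")
            vulnerable_files.append(resource)
        else:
            print(f"[-] Not vulnerable: {resource}")
    if vulnerable_files:
        print("\n" + "=" * 60)
        print("[!] System is VULNERABLE to CVE-2025-13941")
        print(f"[!] Found {len(vulnerable_files)} files with insecure permissions")
        print("\n[+] Mitigation: Update Foxit PDF Reader/Editor to latest version")
    else:
        print("\n" + "=" * 60)
        print("[+] System appears NOT vulnerable to CVE-2025-13941")


if __name__ == "__main__":
    main()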

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13941", "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2", "published": "2025-12-19T02:16:04.493", "lastModified": "2025-12-23T17:35:55.073", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges."}], "metrics": {"cvssMetricV31": [{"source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.0, "impactScore": 6.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.0, "impactScore": 6.0}]}, "weaknesses": [{"source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-732"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.2.1.23955", 
"matchCriteriaId": "AAE67A0F-4DFE-4268-90D5-789CCA2155A6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0.0.33046", "versionEndIncluding": "14.0.1.33197", "matchCriteriaId": "F1694C31-1717-40B3-9E11-773E39F288A8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.1.0.15510", "versionEndIncluding": "2023.3.0.23028", "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0.23997", "versionEndIncluding": "2024.4.1.27687", "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2025.1.0.27937", "versionEndIncluding": "2025.2.1.33197", "matchCriteriaId": "4AC7F7F1-B05D-48C7-9DD3-CFC7CBA2E275"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "versionEndIncluding": "2025.2.1.33197", "matchCriteriaId": "538915D1-1531-44A8-B15D-BCFE1356BCB5"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"]}]}}