CVE-2025-32451

HIGH

Foxit Reader 2025.1.0.27937 - Memory Corruption

Title source: llm

Description

A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

References (2)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2025-2202

[Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2202

Scores

CVSS v3 8.8

EPSS 0.0016

EPSS Percentile 36.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-824

Status published

Products (1)

foxit/pdf_reader 2025.1.0.27937

Published Aug 13, 2025

Tracked Since Feb 18, 2026