CVE-2025-55309

MEDIUM

Foxit PDF & Editor <13.2-2025.2 - Use After Free

Title source: llm

Description

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes.

References (1)

Core 1

Core References

Vendor Advisory

https://www.foxit.com/support/security-bulletins.html

Scores

CVSS v3 6.7

EPSS 0.0002

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (4)

foxit/pdf_editor 2025.1.0.66692

foxit/pdf_editor 2025.1.0.27937

foxit/pdf_editor < 13.1.7.63027

foxit/pdf_reader < 2025.1.0.66692

Published Dec 11, 2025

Tracked Since Feb 18, 2026