CVE-2025-55311

MEDIUM

Foxit PDF <13.2-2025.2 - Code Injection

Title source: llm

Description

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification by hiding document modifications, allowing an attacker to mislead users about the document's integrity and compromise the trustworthiness of signed PDFs.

References (1)

[Vendor Advisory] https://www.foxit.com/support/security-bulletins.html

Scores

CVSS v3 6.5

EPSS 0.0001

EPSS Percentile 3.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-347

Status published

Products (4)

foxit/pdf_editor 2025.1.0.66692

foxit/pdf_editor 2025.1.0.27937

foxit/pdf_editor < 13.1.7.63027

foxit/pdf_reader < 2025.1.0.66692

Published Dec 11, 2025

Tracked Since Feb 18, 2026