CVE-2025-59802
HIGH
Foxit PDF Editor and Reader < 2025.2.1 - Signature Spoofing via Optional Content Groups
Title source: llm
Description
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
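A defender-side triage check for the condition described above, added here as an example (not code from Foxit or the vendor advisory): it flags signed PDFs that also carry optional content together with a script or an OCG state-changing action. The token names are standard PDF names; the function names and the sample fragments are constructed assumptions.

```python
import re

# Standard PDF name tokens (ISO 32000) tied to the advisory text; constructed
# heuristics for triage, not Foxit's validation logic.
MARKERS = {
    "signature": rb"/ByteRange\s*\[",              # signed byte range present
    "ocg": rb"/OCProperties\b|/Type\s*/OCG\b",     # optional content (layers)
    "ocg_switch": rb"/SetOCGState\b",              # action that changes OCG state
    "javascript": rb"/JavaScript\b|/JS\b",         # embedded script
    "trigger": rb"/OpenAction\b|/AA\b",            # automatic action hooks
    "object_streams": rb"/ObjStm\b",               # compressed objects hide tokens
}

def decode_names(data: bytes) -> bytes:
    """Undo #xx escapes so a name written as /#4fCProperties is still seen."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def triage(data: bytes) -> dict:
    """Flag signed PDFs whose layers can be switched at view time."""
    data = decode_names(data)
    hits = {name: bool(re.search(rx, data)) for name, rx in MARKERS.items()}
    dynamic = hits["ocg_switch"] or hits["javascript"]
    hits["review"] = hits["signature"] and hits["ocg"] and dynamic
    # A raw scan cannot see inside /ObjStm, so a clean result is not conclusive.
    hits["inconclusive"] = (hits["signature"] and hits["object_streams"]
                            and not hits["review"])
    return hits

# Constructed fragments (not complete PDFs) that only carry the relevant tokens.
SIG = b"9 0 obj << /Type /Sig /ByteRange [0 100 200 50] >> endobj\n"
LAYERS = b"1 0 obj << /Type /Catalog /OCProperties << /OCGs [5 0 R] >> >> endobj\n"
SWITCH = b"7 0 obj << /S /SetOCGState >> endobj\n"
SAMPLES = {
    "signed_layers_switch": LAYERS + SWITCH + SIG,
    "signed_static": b"1 0 obj << /Type /Catalog >> endobj\n" + SIG,
    "unsigned_layers_switch": LAYERS + SWITCH,
    "signed_escaped_name": LAYERS.replace(b"/OCP", b"/#4fCP") + SWITCH + SIG,
    "signed_compressed": b"3 0 obj << /Type /ObjStm /N 4 >> endobj\n" + SIG,
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        result = triage(blob)
        print(label, "review" if result["review"] else
              "inconclusive" if result["inconclusive"] else "no-flag")
```

A flag means the document deserves manual inspection in a fixed viewer version; it does not by itself show that the signature was abused.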
References (1)
Core References
Vendor Advisory
https://www.foxit.com/support/security-bulletins.html
Scores
CVSS v3
7.5
EPSS
0.0027
EPSS Percentile
18.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-290
Status
published
Products (8)
foxit/pdf_editor
14.0.0.68868
foxit/pdf_editor
2025.1.0.66692
foxit/pdf_editor
2025.2.0.68868
foxit/pdf_editor
14.0.0.33046
foxit/pdf_editor
2025.1.0.27937
foxit/pdf_editor
2025.2.0.33046
foxit/pdf_editor
< 13.2.0.63256
foxit/pdf_reader
< 2025.2.0.68868
Published
Dec 11, 2025
Tracked Since
Feb 18, 2026