CVE-2026-3775

HIGH

Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Title source: cna

Description

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.

References (1)

Core 1

Core References

https://www.foxit.com/support/security-bulletins.html

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (4)

foxit/pdf_editor < 13.2.2.24014

foxit/pdf_reader < 2025.3.0.35737

Foxit Software Inc./Foxit PDF Editor Versions 2025.3 and earlier

Foxit Software Inc./Foxit PDF Reader Versions 2025.3 and earlier

Published Apr 01, 2026

Tracked Since Apr 01, 2026