Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability_CVE-2025-13941

{
    "lastseen": "",
    "description": "A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.",
    "published": "2025-12-19T01:51:22.461Z",
    "modified": "2025-12-19T02:30:02.949Z",
    "type": "cve",
    "title": "Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability",
    "source": "Foxit",
    "references": "https://www.foxit.com/support/security-bulletins.html",
    "id": "CVE-2025-13941",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "Foxit Software Inc. Foxit PDF Reader Versions 2025.2.1 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 14.0.1 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 13.2.1 and eariler\nFoxit Software Inc. Foxit PDF Editor Versions 2025.2.1 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 14.0.1 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 13.2.1 and eariler",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Foxit PDF Reader",
    "version": "Versions 2025.2.1 and earlier",
    "vendor": "Foxit Software Inc.",
    "ai_description": "Local privilege escalation vulnerability in Foxit PDF Reader/Editor Update Service due to incorrect file system permissions",
    "ai_severity": "High",
    "ai_vendor": "Foxit Software Inc.",
    "ai_product": "Foxit PDF Reader/Editor",
    "ai_version": "2025.2.1 and earlier, 14.0.1 and earlier, 13.2.1 and earlier",
    "ai_score": 8.8
}