Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1

on Windows

. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.

Basic Information

ID CVE-2025-66493

Source Foxit

Published Dec 19, 2025 at 07:07

Modified Dec 19, 2025 at 07:08

Affected Product

Vendor Foxit Software Inc.

Product Foxit PDF Editor

Version Versions 2025.2.1 and earlier

Affected Versions Foxit Software Inc. Foxit PDF Editor Versions 2025.2.1 and earlier
Foxit Software Inc. Foxit PDF Editor Versions 14.0.1 and earlier
Foxit Software Inc. Foxit PDF Editor Versions 13.2.1 and earlier
Foxit Software Inc. Foxit PDF Reader Versions 2025.2.1 and earlier
Foxit Software Inc. Foxit PDF Reader Versions 14.0.1 and earlier
Foxit Software Inc. Foxit PDF Reader Versions 13.2.1 and earlier

CWE Classification

CWE-416

References

www.foxit.com /support/security-bulletins.html

{
    "lastseen": "",
    "description": "A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 \n\non Windows\n\n. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.",
    "published": "2025-12-19T07:07:43.476Z",
    "modified": "2025-12-19T07:08:06.682Z",
    "type": "cve",
    "title": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability",
    "source": "Foxit",
    "references": "https://www.foxit.com/support/security-bulletins.html",
    "id": "CVE-2025-66493",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "Foxit Software Inc. Foxit PDF Editor Versions 2025.2.1 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 14.0.1 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 13.2.1 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 2025.2.1 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 14.0.1 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 13.2.1 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Foxit PDF Editor",
    "version": "Versions 2025.2.1 and earlier",
    "vendor": "Foxit Software Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability_CVE-2025-66493