Home
HIGH: 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HDefault status
unaffected
Versions 2025.2.1 and earlier
affected
Versions 14.0.1 and earlier
affected
Versions 13.2.1 and eariler
affected
Default status
unaffected
Versions 2025.2.1 and earlier
affected
Versions 14.0.1 and earlier
affected
Versions 13.2.1 and eariler
affected
Description
A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.
Problem types
CWE-732: Incorrect Permission Assignment for Critical Resource
Product status
Versions 2025.2.1 and earlier
Versions 14.0.1 and earlier
Versions 13.2.1 and eariler
Versions 2025.2.1 and earlier
Versions 14.0.1 and earlier
Versions 13.2.1 and eariler
References
www.foxit.com/support/security-bulletins.html
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
