CVE-2025-59802

Description

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.

PUBLISHED Reserved 2025-09-22 | Published 2025-12-11 | Updated 2025-12-11 | Assigner mitre

References

www.foxit.com/support/security-bulletins.html

cve.org (CVE-2025-59802)

nvd.nist.gov (CVE-2025-59802)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.