CVE-2025-66493 | THREATINT

Description

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.

PUBLISHED Reserved 2025-12-03 | Published 2025-12-19 | Updated 2025-12-19 | Assigner Foxit

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-416 Use After Free

Product status

Default status

unaffected

Versions 2025.2.1 and earlier

affected

Versions 14.0.1 and earlier

affected

Versions 13.2.1 and earlier

affected

Default status

unaffected

Versions 2025.2.1 and earlier

affected

Versions 14.0.1 and earlier

affected

Versions 13.2.1 and earlier

affected

Credits

Anonymous working with Trend Micro Zero Day Initiative finder

References

www.foxit.com/support/security-bulletins.html

cve.org (CVE-2025-66493)

nvd.nist.gov (CVE-2025-66493)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu