CVE-2025-66494 | THREATINT

Description

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.

PUBLISHED Reserved 2025-12-03 | Published 2025-12-19 | Updated 2025-12-19 | Assigner Foxit

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-416 Use After Free

Product status

Default status

unaffected

Versions 2025.2.1 and earlier

affected

Versions 14.0.1 and earlier

affected

Versions 13.2.1 and eariler

affected

Default status

unaffected

Versions 2025.2.1 and earlier

affected

Versions 14.0.1 and earlier

affected

Versions 13.2.1 and eariler

affected

Credits

Anonymous working with Trend Micro Zero Day Initiative finder

References

www.foxit.com/support/security-bulletins.html

cve.org (CVE-2025-66494)

nvd.nist.gov (CVE-2025-66494)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu