CVE-2025-66495 | THREATINT

Description

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.

PUBLISHED Reserved 2025-12-03 | Published 2025-12-19 | Updated 2025-12-19 | Assigner Foxit

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-416 Use After Free

Product status

Default status

unaffected

Versions 2025.2.1 and earlier

affected

Versions 14.0.1 and earlier

affected

Versions 13.2.1 and eariler

affected

Default status

unaffected

Versions 2025.2.1 and earlier

affected

Versions 14.0.1 and earlier

affected

Versions 13.2.1 and eariler

affected

Credits

KX.H working with Trend Micro Zero Day Initiative finder

References

www.foxit.com/support/security-bulletins.html

cve.org (CVE-2025-66495)

nvd.nist.gov (CVE-2025-66495)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu