8.8
CVE-2025-13941
- EPSS 0.01%
- Veröffentlicht 19.12.2025 02:16:04
- Zuletzt bearbeitet 23.12.2025 17:35:55
- Quelle 14984358-7092-470d-8f34-ade47a
- CVE-Watchlists
- Unerledigt
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Foxit ≫ Pdf Editor Version <= 13.2.1.23955
Foxit ≫ Pdf Editor Version >= 14.0.0.33046 <= 14.0.1.33197
Foxit ≫ Pdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028
Foxit ≫ Pdf Editor Version >= 2024.1.0.23997 <= 2024.4.1.27687
Foxit ≫ Pdf Editor Version >= 2025.1.0.27937 <= 2025.2.1.33197
Foxit ≫ Pdf Reader Version <= 2025.2.1.33197
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.029 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| 14984358-7092-470d-8f34-ade47a7658a2 | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.