8.8

CVE-2025-32451

Medienbericht

Exploit

EPSS 0.18%
Veröffentlicht 13.08.2025 13:37:18
Zuletzt bearbeitet 03.11.2025 20:18:27
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxit ≫ Pdf Reader Version2025.1.0.27937

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.386

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
talos-cna@cisco.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://www.heise.de/news/Foxit-PDF-Reader-Praeparierte-PDFs-koennen-Schadcode-auf-PCs-schleusen-10524778.html

Media Report

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2202

Third Party Advisory

Exploit

https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2202

https://nvd.nist.gov/vuln/detail/CVE-2025-32451

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32451

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32451

EUVD