7.8

CVE-2025-55314

EPSS 0.01%
Veröffentlicht 11.12.2025 00:00:00
Zuletzt bearbeitet 18.12.2025 21:32:14
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 5 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxit ≫ Pdf Editor Version <= 13.1.7.23637

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 2024.1.0.23997 <= 2024.4.1.27687

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version2025.1.0.27937

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Reader Version <= 2025.1.0.27937

Microsoft ≫ Windows Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.026

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://www.foxit.com/support/security-bulletins.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-55314

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55314

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55314

EUVD