7.5
CVE-2025-59802
- EPSS 0.04%
- Veröffentlicht 11.12.2025 00:00:00
- Zuletzt bearbeitet 18.12.2025 21:31:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginFoxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Foxit ≫ Pdf Editor Version <= 13.2.0.63256
Foxit ≫ Pdf Editor Version >= 2023.1.0.55583 <= 2023.3.0.63083
Foxit ≫ Pdf Editor Version >= 2024.1.0.63682 <= 2024.4.1.66479
Foxit ≫ Pdf Editor Version14.0.0.68868
Foxit ≫ Pdf Editor Version2025.1.0.66692
Foxit ≫ Pdf Editor Version2025.2.0.68868
Foxit ≫ Pdf Reader Version <= 2025.2.0.68868
Foxit ≫ Pdf Editor Version <= 13.2.0.23874
Foxit ≫ Pdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028
Foxit ≫ Pdf Editor Version >= 2024.1.0.23997 <= 2024.4.1.27687
Foxit ≫ Pdf Editor Version14.0.0.33046
Foxit ≫ Pdf Editor Version2025.1.0.27937
Foxit ≫ Pdf Editor Version2025.2.0.33046
Foxit ≫ Pdf Reader Version <= 2025.2.0.33046
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.127 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.