CVE-2025-59803

EPSS 0.02%
Veröffentlicht 11.12.2025 00:00:00
Zuletzt bearbeitet 15.12.2025 20:17:46
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxit ≫ Pdf Editor Version <= 13.2.0.63256

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version >= 2023.1.0.55583 <= 2023.3.0.63083

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version >= 2024.1.0.63682 <= 2024.4.1.66479

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version14.0.0.68868

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version2025.1.0.66692

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version2025.2.0.68868

Apple ≫ macOS Version-

Foxit ≫ Pdf Reader Version <= 2025.2.0.68868

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version <= 13.2.0.23874

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 2024.1.0.23997 <= 2024.4.1.27687

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version14.0.0.33046

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version2025.1.0.27937

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version2025.2.0.33046

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Reader Version <= 2025.2.0.33046

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.039

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://www.foxit.com/support/security-bulletins.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59803

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59803

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59803

EUVD