CVE-2025-55312

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.foxit.com/support/security-bulletins.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor:2025.1.0.66692:::::::*
	cpe:2.3:a:foxit:pdf_reader::::::::

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:::::::*
	cpe:2.3:a:foxit:pdf_reader::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

18 Dec 2025, 21:34

Type	Values Removed	Values Added
First Time		Foxit Microsoft windows Microsoft Foxit pdf Reader Apple macos Apple Foxit pdf Editor
References	~~() https://www.foxit.com/support/security-bulletins.html -~~	() https://www.foxit.com/support/security-bulletins.html - Vendor Advisory
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:::::::* cpe:2.3:a:foxit:pdf_editor:2025.1.0.66692:::::::* cpe:2.3:a:foxit:pdf_reader:::::::: cpe:2.3:a:foxit:pdf_editor:::::::: cpe:2.3:o:apple:macos:-:::::::*

11 Dec 2025, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-11 16:16

Updated : 2025-12-18 21:34

NVD link : CVE-2025-55312

Mitre link : CVE-2025-55312

CVE.ORG link : CVE-2025-55312

JSON object : View

Products Affected

microsoft

windows

foxit

pdf_editor
pdf_reader

apple

macos

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-55312", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-12-11T16:16:25.613", "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code."}], "lastModified": "2025-12-18T21:34:22.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4EDFD47-2811-431C-8535-91EE4090A9A8", "versionEndIncluding": "13.1.7.63027"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8785CCE-C44C-4908-9133-13A580D5BECB", "versionEndIncluding": "2023.3.0.63083", "versionStartIncluding": "2023.1.0.55583"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF043D20-0E28-481C-8756-D1301FAE67D2", "versionEndIncluding": "2024.4.1.66479", "versionStartIncluding": "2024.1.0.63682"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:2025.1.0.66692:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0FF839F-37E7-4AFA-85B1-FC98366B14E8"}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6520861F-4458-4E63-AA62-CF3096AE0C41", "versionEndIncluding": "2025.1.0.66692"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64", "versionEndIncluding": "2023.3.0.23028", "versionStartIncluding": "2023.1.0.15510"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580", "versionEndIncluding": "2024.4.1.27687", "versionStartIncluding": "2024.1.0.23997"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FDC914F-B999-4233-8BEA-CA20B1F0D9D3"}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB827B5A-9957-43B2-A633-EF5442A2EF35", "versionEndIncluding": "2025.1.0.27937"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}