← Retour aux CVEs
CVE-2025-66494
HIGH7.8
Description
A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie12/19/2025
Derniere modification12/23/2025
Sourcenvd
Observations honeypot0
Produits affectes
foxit:pdf_editorfoxit:pdf_readermicrosoft:windows
Faiblesses (CWE)
CWE-416
References
https://www.foxit.com/support/security-bulletins.html(14984358-7092-470d-8f34-ade47a7658a2)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.