Foxit PDF Spoofing

MEDIUM (5.3) No Patch (3 days)

Threat Intelligence

Low Risk
EPSS Score: 0.02% chance of exploitation (percentile: 3%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Foxit PDF Editor and Reader are popular applications for viewing, editing, and signing PDF documents. This vulnerability allows attackers to embed malicious triggers in PDF documents that execute during the signing process, potentially modifying content on other pages or layers without explicit warning.

Am I affected?

You're affected if you use Foxit PDF Editor and Reader. Affected versions: 2025.2.1

Affected Products

Foxit Software Corporation / Foxit PDF Editor and Reader

How to fix

To fix this vulnerability, upgrade to Foxit PDF Editor or Reader versions 2025.2.1, 14.0.1, or 13.2.1.

Immediate mitigations:

  • Restrict network access to your Foxit PDF Editor or Reader instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized trigger creation

You can download the latest version of Foxit PDF Editor or Reader from their official website: https://www.foxit.com/download/
