Foxit PDF Reader is a popular PDF viewer software used to open and view PDF files. The vulnerability in Foxit PDF Reader allows an attacker to execute arbitrary code on the user's system by manipulating PDF objects, potentially leading to unauthorized access to sensitive data.
You're affected if you use Foxit PDF Reader version 2025.2.1 or earlier on Windows. To check if your version is vulnerable:
find %PROGRAMFILES%\Foxit\Reader\bin\foxitpdfreader.exe -name "foxitpdfreader.exe" 2>/dev/null
Note: This vulnerability does not affect Foxit PDF Editor.
To fix the vulnerability, upgrade to Foxit PDF Reader version 2025.3 or later from the official website:
https://www.foxit.com/download/
Immediate mitigations:
- Disable JavaScript in Foxit PDF Reader settings.
- Restrict network access to your system when using Foxit PDF Reader.