CVE-2025-66495

HIGH (7.8) No Patch
cwe-416

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.

Am I affected?

You're affected if you use A use-after-free vulnerability exists. Affected versions: 2025.2.1

Affected Products

Foxit Software / Foxit PDF Reader

How to fix

No public patch link found in the advisory. Contact the vendor directly for remediation guidance. As immediate mitigation: restrict network access to affected systems if possible.

References