Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities in Foxit Reader

Kaspersky ID:
KLA86658
Detect Date:
08/13/2025
Updated:
09/19/2025

Description

Multiple vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

  1. Denial of service vulnerability can be exploited remotely to cause denial of service.
  2. Out-Of-Bounds Read vulnerability in JP2 File Parsing can be exploited remotely to bypass security restrictions and obtain sensitive information
  3. Out-Of-Bounds Read vulnerability in PRC File Parsing can be exploited remotely to execute arbitrary code
  4. Out-Of-Bounds Read vulnerability in PRC File Parsing can be exploited remotely to bypass security restrictions and obtain sensitive information
  5. An elevation of privilege vulnerability in Foxit PDF Reader Update Service can be exploited remotely to gain privileges.
  6. Out-Of-Bounds Read vulnerability when executing JavaScripts embedded in certain PDF files can be exploited remotely to obtain sensitive information.
  7. Use After Free vulnerability when executing JavaScripts embedded in certain PDF files can be exploited remotely to execute arbitrary code.
  8. Improper Verification of Cryptographic Signature vulnerability in handling signed document that contain JavaScript can be exploited remotely to bypass security restrictions.
  9. Use After Free vulnerability when executing JavaScripts embedded in certain PDF files can be exploited remotely to obtain sensitive information.
  10. Download of Code Without Integrity Check vulnerability in Start Page can be exploited remotely to obtain sensitive information.
  11. NULL Pointer Dereference vulnerability when executing JavaScripts embedded in certain PDF files can be exploited remotely to execute arbitrary code.
  12. Out-of-bounds Read vulnerability when executing JavaScripts embedded in certain PDF files can be exploited remotely to execute arbitrary code.
 
 

 

 

Original advisories

Related products

CVE list

  • CVE-2025-32451
    critical
  • CVE-2025-9323
    high
  • CVE-2025-9324
    high
  • CVE-2025-9325
    high
  • CVE-2025-9326
    critical
  • CVE-2025-9327
    high
  • CVE-2025-9328
    critical
  • CVE-2025-9329
    critical
  • CVE-2025-9330
    critical
  • CVE-2025-55307
    unknown
  • CVE-2025-55314
    unknown
  • CVE-2025-55311
    unknown
  • CVE-2025-55308
    unknown
  • CVE-2025-55310
    unknown
  • CVE-2025-55313
    unknown
  • CVE-2025-55312
    unknown
  • CVE-2025-55309
    unknown

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
21 April 2025
Kaspersky Daily
Update PyTorch ASAP | Kaspersky official blog
06 October 2025
Securelist
How we trained an ML model to detect DLL hijacking
06 October 2025
Securelist
Detecting DLL hijacking with machine learning: real-world cases
01 October 2025
Securelist
Forensic journey: hunting evil within AmCache
25 September 2025
Securelist
Massive npm infection: the Shai-Hulud worm and patient zero
19 September 2025
Securelist
Threat landscape for industrial automation systems in Q2 2025
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
Confirm changes?
Your message has been sent successfully.