CVE-2025-55307
low-risk
Published 2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leading to information disclosure or memory corruption.
Do I need to act?
-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10
Low
LOCAL
/ LOW complexity
Affected Products (3)
Affected Vendors
References (1)
Vendor Advisory
https://www.foxit.com/support/security-bulletins.html
22
/ 100
low-risk
Severity
13/34 · Low
Exploitability
0/34 · Minimal
Exposure
9/34 · Low