File Deletion Vulnerability in Foxit Reader and PhantomPDF by Foxit Software
CVE-2021-38570

9.1CRITICAL

Key Information:

Vendor
Foxit
Vendor
CVE Published:
11 August 2021

Summary

A vulnerability exists in both Foxit Reader and PhantomPDF that allows attackers to leverage symbolic links to delete arbitrary files during the uninstallation process. This flaw may lead to significant data loss or unauthorized system modifications, raising concerns for users and organizations relying on these applications for document management.

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.