Use-After-Free Vulnerability in Foxit PDF and Editor for Windows and macOS
CVE-2025-55309

6.7 MEDIUM

Key Information:

Vendor: Foxit
CVE Published: 11 December 2025

What is CVE-2025-55309?

A use-after-free vulnerability has been identified in Foxit PDF and Foxit Editor for Windows and macOS, in versions prior to 13.2 and in 2025 versions before 2025.2. The vulnerability arises when a crafted PDF file includes JavaScript that triggers an OnBlur action associated with a form field, leading to the destruction of an annotation. Improper handling of focus changes during user interactions can release the annotation object prematurely, causing memory corruption or potentially crashing the application. Users should be aware of this risk and take appropriate measures to mitigate exposure.
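
As an added triage example (not Foxit's code and not part of the original advisory), the Python below flags PDF objects whose OnBlur additional action, the /Bl key of an /AA dictionary in the PDF specification, runs JavaScript, which is the document feature the description names. The function name, the sample bytes and the restriction to uncompressed objects are assumptions; OnBlur scripts are also common in legitimate forms, so a hit marks a file for review rather than as malicious.

```python
import re

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
HEX_NAME_RE = re.compile(rb"#([0-9A-Fa-f]{2})")  # PDF names may hide letters as #xx
# In an additional-actions (/AA) dictionary, /Bl is the action run when the
# annotation loses input focus (OnBlur); it is given inline or as "N G R".
BLUR_RE = re.compile(rb"/Bl\s*(?:(\d+)\s+(\d+)\s+R|<<(.*?)>>)", re.S)
JS_RE = re.compile(rb"/S\s*/JavaScript\b")


def find_blur_javascript(pdf_bytes):
    """Return [(object number, 'inline' | 'indirect')] for OnBlur JavaScript actions."""
    # Undo #xx escapes first so that a name written as /B#6c is seen as /Bl.
    data = HEX_NAME_RE.sub(lambda m: bytes([int(m.group(1), 16)]), pdf_bytes)
    objects = {int(num): body for num, _gen, body in OBJ_RE.findall(data)}
    hits = []
    for num, body in sorted(objects.items()):
        for ref, _gen, inline in BLUR_RE.findall(body):
            # Follow an indirect reference to the action object, if there is one.
            action = objects.get(int(ref), b"") if ref else inline
            if JS_RE.search(action):
                hits.append((num, "indirect" if ref else "inline"))
    return hits


# Constructed sample: object fragments only, not a complete PDF. The script
# bodies are benign placeholders. Object 6 uses /Fo (focus gained), not /Bl.
SAMPLE = b"""%PDF-1.7
4 0 obj
<< /Type /Annot /Subtype /Widget /FT /Tx /T (name) /AA << /Bl 7 0 R >> >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Widget /FT /Tx /T (city) /AA << /B#6c << /S /JavaScript /JS (void 0;) >> >> >>
endobj
6 0 obj
<< /Type /Annot /Subtype /Widget /FT /Tx /T (zip) /AA << /Fo << /S /JavaScript /JS (void 0;) >> >> >>
endobj
7 0 obj
<< /S /JavaScript /JS (void 0;) >>
endobj
"""

if __name__ == "__main__":
    for num, kind in find_blur_javascript(SAMPLE):
        print(f"object {num}: OnBlur JavaScript action ({kind})")
```

Objects packed into compressed object streams are not visible to this scan; expand the file first, for example with `qpdf --qdf --object-streams=disable`.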

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
