Arbitrary Code Execution Vulnerability in Foxit PDF Editor for Windows and macOS
CVE-2025-55313

7.8 HIGH

Key Information:

Vendor
CVE Published: 11 December 2025

What is CVE-2025-55313?

A security flaw in Foxit PDF Editor for Windows and macOS allows attackers to execute arbitrary code through specially crafted PDF files. The vulnerability arises from inadequate handling of memory allocation failures when JavaScript assigns an excessively large value to the charLimit property of a form field. The resulting memory corruption can be exploited by an attacker who persuades a user to open a crafted file, jeopardizing system integrity and data security.
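A triage check for the condition described above, added here as an example and not taken from Foxit or the CVE record: it scans a PDF's raw bytes and its Flate-compressed streams for JavaScript that assigns a large numeric literal to charLimit. The threshold, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import zlib

# Assumed triage threshold, not a value from the advisory: legitimate form
# fields rarely need a character limit anywhere near this.
CHARLIMIT_THRESHOLD = 1_000_000

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# Literal numeric assignments only; computed or obfuscated values are missed.
ASSIGN_RE = re.compile(
    rb"\.charLimit\s*=\s*(0[xX][0-9a-fA-F]+|\d+(?:\.\d+)?(?:[eE]\+?\d+)?)")


def candidate_buffers(pdf_bytes):
    """Yield the raw file, then every stream body that inflates as zlib."""
    yield pdf_bytes
    for match in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates a truncated trailer, unlike decompress()
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data; the raw scan already covered it


def parse_js_number(token):
    """Convert a decimal, exponent or hex JavaScript literal to a number."""
    text = token.decode("ascii")
    return int(text, 16) if text[:2].lower() == "0x" else float(text)


def suspicious_charlimits(pdf_bytes, threshold=CHARLIMIT_THRESHOLD):
    """Return the distinct charLimit literals above the threshold."""
    hits = []
    for buf in candidate_buffers(pdf_bytes):
        for match in ASSIGN_RE.finditer(buf):
            literal = match.group(1).decode("ascii")
            if parse_js_number(match.group(1)) > threshold and literal not in hits:
                hits.append(literal)
    return hits


def constructed_pdf(js, compress):
    """Build a constructed, minimal PDF-like sample (not a valid document)."""
    body = zlib.compress(js) if compress else js
    head = b"%PDF-1.7\n1 0 obj\n<< /Length " + str(len(body)).encode() + b" >>\nstream\n"
    return head + body + b"\nendstream\nendobj\n"


if __name__ == "__main__":
    sample = constructed_pdf(b'this.getField("name").charLimit = 2000000000;', True)
    print(suspicious_charlimits(sample))
```

A hit is a reason to quarantine the file for closer inspection, not proof of exploitation. Streams using other filters, object streams and encrypted documents are outside what this check inspects.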

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
