Signature Spoofing Vulnerability in Foxit PDF Editor and Reader
CVE-2025-59803

5.3MEDIUM

Key Information:

Vendor: Foxit Software Inc.
Status: Foxit PDF Editor and Reader
Vendor: CVE Published:; 11 December 2025

🔔 Create Foxit Software Inc. Vulnerability Alert

What is CVE-2025-59803?

Foxit PDF Editor and Reader prior to version 2025.2.1 are susceptible to a signature spoofing vulnerability. This allows an attacker to embed malicious triggers, such as JavaScript, in a PDF document. During the signing process, these embedded triggers can execute without the user's knowledge, leading to modifications in other pages or optional content layers of the document. As a result, the signed PDF may present different content than what was initially viewed by the signer, significantly compromising the integrity and trust in the digital signature.

References

https://www.foxit.com/support/security-bulletins.html

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Sep 22, 2025

JSON