Vulnerability Description
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxit | Pdf Editor | <= 13.1.7.63027 |
| Foxit | Pdf Reader | <= 2025.1.0.66692 |
| Apple | Macos | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.foxit.com/support/security-bulletins.htmlVendor Advisory
FAQ
What is CVE-2025-55309?
CVE-2025-55309 is a vulnerability with a CVSS score of 6.7 (MEDIUM). An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destr...
How severe is CVE-2025-55309?
CVE-2025-55309 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-55309?
Check the references section above for vendor advisories and patch information. Affected products include: Foxit Pdf Editor, Foxit Pdf Reader, Apple Macos, Microsoft Windows.