{"timestamp":"2025-12-19T17:18:28.141641Z","id":"CVE-2025-66497","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Foxit Software Inc.","product":"Foxit PDF Reader","defaultStatus":"unaffected","platforms":["Windows","MacOS"],"versions":[{"version":"Versions 2025.2.1 and earlier","status":"affected"},{"version":"Versions 14.0.1 and earlier","status":"affected"},{"version":"Versions 13.2.1 and eariler","status":"affected"}]},{"vendor":"Foxit Software Inc.","product":"Foxit PDF Editor","defaultStatus":"unaffected","platforms":["Windows","MacOS"],"versions":[{"version":"Versions 2025.2.1 and earlier","status":"affected"},{"version":"Versions 14.0.1 and earlier","status":"affected"},{"version":"Versions 13.2.1 and eariler","status":"affected"}]}]

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-787

AND
     OR
          *cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* versions from (including) 2023.1.0.15510 up to (including) 2023.3.0.23028
          *cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* versions from (including) 2024.1.0.23997 up to (including) 2024.4.1.27687
          *cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* versions up to (including) 13.2.1.23955
          *cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* versions from (including) 14.0.0.33046 up to (including) 14.0.1.33197
          *cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* versions from (including) 2025.1.0.27937 up to (including) 2025.2.1.33197
          *cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:* versions up to (including) 2025.2.1.33197
     OR
          cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* versions from (including) 2023.1.0.15510 up to (including) 2023.3.0.63083
          *cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* versions up to (including) 13.2.1.63315
          *cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* versions from (including) 14.0.0.33046 up to (including) 14.0.1.69005
          *cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* versions from (including) 2024.1.0.23997 up to (including) 2024.4.1.66479
          *cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* versions from (including) 2025.1.0.27937 up to (including) 2025.2.1.69005
          *cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:* versions up to (including) 2025.2.1.69005
     OR
          cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Foxit: https://www.foxit.com/support/security-bulletins.html Types: Vendor Advisory

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.

AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-125

https://www.foxit.com/support/security-bulletins.html