SecuriTricks - CVE-2025-66496

Description

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.

Product(s) Impacted

Vendor	Product	Versions
Foxit	Pdf Editor Pdf Reader	* *
Microsoft	Windows	-

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	foxit	pdf_editor	/	/	/	/	/	/	/	/
a	foxit	pdf_editor	/	/	/	/	/	/	/	/
a	foxit	pdf_editor	/	/	/	/	/	/	/	/
a	foxit	pdf_editor	/	/	/	/	/	/	/	/
a	foxit	pdf_editor	/	/	/	/	/	/	/	/
a	foxit	pdf_reader	/	/	/	/	/	/	/	/
o	microsoft	windows	-	/	/	/	/	/	/	/

References

https://www.foxit.com/support/security-bulletins.html

CVSS Score

5.3 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

View Vector String

Timeline

Published: Dec. 19, 2025, 7:16 a.m.
Last Modified: Dec. 23, 2025, 5:36 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

14984358-7092-470d-8f34-ade47a7658a2

CVE-2025-66496