Foxit PDF Reader: Prepared PDFs can smuggle malicious code onto PCs
Security updates for Foxit PDF Reader and Editor close several security vulnerabilities.
Foxit PDF Reader and Editor contain vulnerabilities that expose macOS and Windows computers to attack. Patched versions are available for download. So far there are no reports of attackers already exploiting the vulnerabilities.
Effects of attacks
According to the security section of the Foxit website, the developers have closed several vulnerabilities. In the worst-case scenario, malicious code can get onto systems and compromise them completely. This can occur via PDFs prepared with JavaScript (e.g., CVE-2025-55313 “high”). However, it can be assumed that victims have to cooperate and open a file before an attack can be launched.
Attackers can also make manipulated documents appear legitimate (CVE-2025-55311 “medium”). Furthermore, information can be leaked (CVE-2025-55307 “low”) or crashes can occur (CVE-2025-32451 “high”).
The developers state that the following editions are protected against the attacks described.
macOS/Windows:
- PDF Editor 2025.2, 13.2, 14.0
- PDF Reader 2025.2
The developers last closed security vulnerabilities in December 2024.
(des)