CVE-2025-32451

8.8 HIGH
Published: August 13, 2025 Modified: November 03, 2025
View on NVD

Description

A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2202
Source: talos-cna@cisco.com
Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2202
Source: af854a3a-2127-422b-91ae-364da2661108

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.8 / 10.0
EPSS (Exploit Probability)
0.1%
32th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-824

Affected Vendors

foxit

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A