CVE-2025-66499— Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability

CVSS 7.8 · High EPSS 0.08% · P23 Updated Dec 20, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-66499

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

整数溢出或超界折返

Source: NVD (National Vulnerability Database)

Vulnerability Title

Foxit PDF Reader 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Foxit PDF Reader是中国福昕（Foxit）公司的一款PDF阅读器。 Foxit PDF Reader存在安全漏洞，该漏洞源于处理特制JBIG2数据时存在堆缓冲区溢出，可能导致执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Foxit Software Inc.	Foxit PDF Reader	Versions 2025.2.1 and earlier	-
Foxit Software Inc.	Foxit PDF Editor	Versions 2025.2.1 and earlier	-

II. Public POCs for CVE-2025-66499

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-66499

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2025-66499

Same Patch Batch · Foxit Software Inc. · 2025-12-19 · 15 CVEs total

CVE-2025-13941	8.8 HIGH	Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation
CVE-2025-66495	7.8 HIGH	Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
CVE-2025-66493	7.8 HIGH	Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
CVE-2025-66494	7.8 HIGH	Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-66500	6.3 MEDIUM	Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability
CVE-2025-66501	6.3 MEDIUM	Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature
CVE-2025-66520	6.3 MEDIUM	Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Portfolio SVG Handling
CVE-2025-66521	6.3 MEDIUM	Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Trusted Certificates Feature
CVE-2025-66502	6.3 MEDIUM	Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Page Templates Feature
CVE-2025-66519	6.3 MEDIUM	Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Layer Import Functionality
CVE-2025-66522	6.3 MEDIUM	Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Digital IDs Common Name Field
CVE-2025-66497	5.3 MEDIUM	Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability
CVE-2025-66496	5.3 MEDIUM	Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability
CVE-2025-66498	5.3 MEDIUM	Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability

IV. Related Vulnerabilities

Same product: Foxit PDF Reader

Same vendor: Foxit Software Inc.

Same weakness: CWE-190

V. Comments for CVE-2025-66499

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-66499— Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability

I. Basic Information for CVE-2025-66499

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-66499

III. Intelligence Information for CVE-2025-66499

Same Patch Batch · Foxit Software Inc. · 2025-12-19 · 15 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-66499

Leave a comment