CVE-2025-66498

Summary

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.

Affected Software

VendorProductVersion RangeStatus
Foxit Software Inc.Foxit PDF ReaderVersions 2025.2.1 and earlieraffected
Foxit Software Inc.Foxit PDF ReaderVersions 14.0.1 and earlieraffected
Foxit Software Inc.Foxit PDF ReaderVersions 13.2.1 and earileraffected
Foxit Software Inc.Foxit PDF EditorVersions 2025.2.1 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 14.0.1 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 13.2.1 and earileraffected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References