CVE-2025-32451
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-11-03
Assigner: Talos
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| foxit | pdf_reader | 2025.1.0.27937 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-824 | The product accesses or uses a pointer that has not been initialized. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory corruption issue in Foxit Reader 2025.1.0.27937 caused by the use of an uninitialized pointer. It can be triggered by specially crafted JavaScript code embedded in a malicious PDF file. When a user opens such a file, or visits a malicious website while the Foxit Reader browser plugin is enabled, the vulnerability can lead to memory corruption and allow an attacker to execute arbitrary code.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to execute arbitrary code on your system. This means the attacker could potentially take control of your computer, steal data, install malware, or perform other malicious actions without your consent.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening PDF files from untrusted sources and disable the Foxit Reader browser plugin extension if it is enabled. Make sure users know not to open suspicious PDF documents or visit untrusted websites that may contain malicious PDFs. Once Foxit releases an update or patch for version 2025.1.0.27937, applying it is also recommended.