CVE-2025-13941
BaseFortify
Publication date: 2025-12-19
Last updated on: 2025-12-23
Assigner: Foxit
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| foxit | pdf_editor | to 13.2.1.23955 (inc) |
| foxit | pdf_editor | From 14.0.0.33046 (inc) to 14.0.1.33197 (inc) |
| foxit | pdf_editor | From 2023.1.0.15510 (inc) to 2023.3.0.23028 (inc) |
| foxit | pdf_editor | From 2024.1.0.23997 (inc) to 2024.4.1.27687 (inc) |
| foxit | pdf_editor | From 2025.1.0.27937 (inc) to 2025.2.1.33197 (inc) |
| foxit | pdf_reader | to 2025.2.1.33197 (inc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation issue in the Foxit PDF Reader/Editor Update Service. It occurs because the update service assigns incorrect file system permissions to resources during plugin installation. A local attacker with low privileges can modify or replace these resources, which the service later executes, allowing the attacker to run arbitrary code with SYSTEM-level privileges.
How can this vulnerability impact me? :
This vulnerability can allow a local attacker with limited privileges to escalate their rights to SYSTEM level, potentially gaining full control over the affected system. This could lead to unauthorized code execution, data compromise, or disruption of system operations.