CVE-2025-55310
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-11

Last updated on: 2025-12-18

Assigner: MITRE

Description
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in information disclosure, unauthorized data access, or other security impacts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-11
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-55310
EUVD
EUVD-2025-202709
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
foxit pdf_editor to 13.1.7.63027 (inc)
foxit pdf_editor From 2023.1.0.55583 (inc) to 2023.3.0.63083 (inc)
foxit pdf_editor From 2024.1.0.63682 (inc) to 2024.4.1.66479 (inc)
foxit pdf_editor 2025.1.0.66692
foxit pdf_reader to 2025.1.0.66692 (inc)
apple macos *
foxit pdf_editor to 13.1.7.23637 (inc)
foxit pdf_editor From 2023.1.0.15510 (inc) to 2023.3.0.23028 (inc)
foxit pdf_editor From 2024.1.0.23997 (inc) to 2024.4.1.27687 (inc)
foxit pdf_editor 2025.1.0.27937
foxit pdf_reader to 2025.1.0.27937 (inc)
microsoft windows *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-494 The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Foxit PDF and Editor for Windows and macOS before versions 13.2 and 2025 before 2025.2. An attacker who can alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content when it starts up.

Impact Analysis

The vulnerability may lead to information disclosure, unauthorized data access, or other security impacts by causing the application to load malicious content at startup.

Mitigation Strategies

To mitigate this vulnerability, ensure that the static HTML files used by the StartPage feature in Foxit PDF and Editor are not altered or replaced by unauthorized users. Restrict write permissions to these files and verify their integrity regularly. Additionally, update Foxit PDF and Editor to version 13.2 or later (for Windows and macOS) or 2025.2 or later to apply the fix.

Compliance Impact

The vulnerability may lead to information disclosure and unauthorized data access, which could impact compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive data. However, specific effects on compliance are not detailed in the provided resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55310. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart