CVE-2025-59802
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-11

Last updated on: 2025-12-18

Assigner: MITRE

Description
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-11
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59802
EUVD
EUVD-2025-202693
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
foxit pdf_editor to 13.2.0.63256 (inc)
foxit pdf_editor From 2023.1.0.55583 (inc) to 2023.3.0.63083 (inc)
foxit pdf_editor From 2024.1.0.63682 (inc) to 2024.4.1.66479 (inc)
foxit pdf_editor 14.0.0.68868
foxit pdf_editor 2025.1.0.66692
foxit pdf_editor 2025.2.0.68868
foxit pdf_reader to 2025.2.0.68868 (inc)
apple macos *
foxit pdf_editor to 13.2.0.23874 (inc)
foxit pdf_editor From 2023.1.0.15510 (inc) to 2023.3.0.23028 (inc)
foxit pdf_editor From 2024.1.0.23997 (inc) to 2024.4.1.27687 (inc)
foxit pdf_editor 14.0.0.33046
foxit pdf_editor 2025.1.0.27937
foxit pdf_editor 2025.2.0.33046
foxit pdf_reader to 2025.2.0.33046 (inc)
microsoft windows *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Foxit PDF Editor and Reader before version 2025.2.1 allows an attacker to spoof digital signatures using Optional Content Groups (OCG). The state property of an OCG is runtime-only and not included in the digital signature computation, so an attacker can use JavaScript or PDF triggers to change the visibility of OCG content after the document is signed. This means the visual content of a signed PDF can be altered without invalidating the signature, causing a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature.

Impact Analysis

This vulnerability can impact you by allowing attackers to modify the visible content of a digitally signed PDF without breaking the signature's validity. This can lead to misinformation, fraud, or unauthorized changes appearing legitimate, potentially causing trust issues, legal problems, or financial loss if the signed documents are relied upon for critical decisions.

Mitigation Strategies

Update Foxit PDF Editor and Reader to version 2025.2.1 or later, or to versions 14.0.1 or 13.2.1, which contain the fix for this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59802. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart