CVE-2025-59803
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-15
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| foxit | pdf_editor | to 13.2.0.63256 (inc) |
| foxit | pdf_editor | From 2023.1.0.55583 (inc) to 2023.3.0.63083 (inc) |
| foxit | pdf_editor | From 2024.1.0.63682 (inc) to 2024.4.1.66479 (inc) |
| foxit | pdf_editor | 14.0.0.68868 |
| foxit | pdf_editor | 2025.1.0.66692 |
| foxit | pdf_editor | 2025.2.0.68868 |
| foxit | pdf_reader | to 2025.2.0.68868 (inc) |
| apple | macos | * |
| foxit | pdf_editor | to 13.2.0.23874 (inc) |
| foxit | pdf_editor | From 2023.1.0.15510 (inc) to 2023.3.0.23028 (inc) |
| foxit | pdf_editor | From 2024.1.0.23997 (inc) to 2024.4.1.27687 (inc) |
| foxit | pdf_editor | 14.0.0.33046 |
| foxit | pdf_editor | 2025.1.0.27937 |
| foxit | pdf_editor | 2025.2.0.33046 |
| foxit | pdf_reader | to 2025.2.0.33046 (inc) |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Foxit PDF Editor and Reader before version 2025.2.1 allows an attacker to embed triggers, such as JavaScript, in a PDF document that execute during the signing process. When a signer reviews the document, it appears normal, but after the signature is applied, these triggers can modify content on other pages or optional content layers without any explicit warning. This means the signed PDF can differ from what the signer originally saw, enabling signature spoofing and undermining the trustworthiness of the digital signature.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to alter the content of a signed PDF document after you have reviewed and signed it, without your knowledge. This undermines the integrity and trustworthiness of the digital signature, potentially leading to acceptance of fraudulent or manipulated documents. It can cause you to rely on documents that have been tampered with post-signature, which may have legal, financial, or operational consequences.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Foxit PDF Editor and Reader to version 2025.2.1, 14.0.1, or 13.2.1, or to a later release. These versions contain the fix for the signature spoofing issue.