Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-66496
PUBLISHED
More InfoOfficial Page
Assigner-Foxit
Assigner Org ID-14984358-7092-470d-8f34-ade47a7658a2
View Known Exploited Vulnerability (KEV) details
Published At-19 Dec, 2025 | 07:10
Updated At-19 Dec, 2025 | 17:19
Rejected At-
▼CVE Numbering Authority (CNA)
Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.

Affected Products
Vendor
Foxit Software Inc.
Product
Foxit PDF Reader
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • Versions 2025.2.1 and earlier
  • Versions 14.0.1 and earlier
  • Versions 13.2.1 and eariler
Vendor
Foxit Software Inc.
Product
Foxit PDF Editor
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • Versions 2025.2.1 and earlier
  • Versions 14.0.1 and earlier
  • Versions 13.2.1 and eariler
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
N/AMemory corruption
CAPEC ID: N/A
Description: Memory corruption
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Mat Powell of Trend of Trend Micro Zero Day Initiative
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.foxit.com/support/security-bulletins.html
N/A
Hyperlink: https://www.foxit.com/support/security-bulletins.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found