Vulnerability-Lookup

CVE-2025-9330 (GCVE-0-2025-9330)

Vulnerability from cvelistv5 – Published: 2025-09-02 20:09 – Updated: 2025-09-02 20:39

Title

Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Summary

Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Foxit Reader Update Service. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-25709.

Severity ?

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-427 - Uncontrolled Search Path Element

Assigner

zdi

References

2 references

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_research-advisory
https://www.foxit.com/support/security-bulletins.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Foxit	PDF Reader	Affected: 2025.1.0.27937

Date Public ?

2025-08-21 20:12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T20:39:09.300324Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T20:39:14.133Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "PDF Reader",
          "vendor": "Foxit",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1.0.27937"
            }
          ]
        }
      ],
      "dateAssigned": "2025-08-21T19:50:26.662Z",
      "datePublic": "2025-08-21T20:12:07.977Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Foxit Reader Update Service. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-25709."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427: Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-02T20:09:51.190Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-870",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-870/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.foxit.com/support/security-bulletins.html"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Alexander Staalgaard"
      },
      "title": "Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-9330",
    "datePublished": "2025-09-02T20:09:51.190Z",
    "dateReserved": "2025-08-21T19:50:26.628Z",
    "dateUpdated": "2025-09-02T20:39:14.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-9330",
      "date": "2026-05-13",
      "epss": "0.00015",
      "percentile": "0.03266"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-9330\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2025-09-02T21:15:35.703\",\"lastModified\":\"2025-09-08T13:52:46.100\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\\n\\nThe specific flaw exists within the Foxit Reader Update Service. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-25709.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"13.1.7.23637\",\"matchCriteriaId\":\"F900FF8A-7BFA-442E-BC8C-5A3717961DD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2023.1.0.15510\",\"versionEndIncluding\":\"2023.3.0.23028\",\"matchCriteriaId\":\"0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2024.1.0.23997\",\"versionEndIncluding\":\"2024.4.1.27687\",\"matchCriteriaId\":\"2C06BC41-9831-4AE3-B10B-3FC313D01580\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FDC914F-B999-4233-8BEA-CA20B1F0D9D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2025.1.0.27937\",\"matchCriteriaId\":\"DB827B5A-9957-43B2-A633-EF5442A2EF35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://www.foxit.com/support/security-bulletins.html\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-25-870/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9330\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-02T20:39:09.300324Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-02T20:39:11.088Z\"}}], \"cna\": {\"title\": \"Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability\", \"source\": {\"lang\": \"en\", \"value\": \"Alexander Staalgaard\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Foxit\", \"product\": \"PDF Reader\", \"versions\": [{\"status\": \"affected\", \"version\": \"2025.1.0.27937\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2025-08-21T20:12:07.977Z\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-25-870/\", \"name\": \"ZDI-25-870\", \"tags\": [\"x_research-advisory\"]}, {\"url\": \"https://www.foxit.com/support/security-bulletins.html\", \"name\": \"vendor-provided URL\", \"tags\": [\"vendor-advisory\"]}], \"dateAssigned\": \"2025-08-21T19:50:26.662Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\\n\\nThe specific flaw exists within the Foxit Reader Update Service. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-25709.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-427\", \"description\": \"CWE-427: Uncontrolled Search Path Element\"}]}], \"providerMetadata\": {\"orgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"shortName\": \"zdi\", \"dateUpdated\": \"2025-09-02T20:09:51.190Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-9330\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-02T20:39:14.133Z\", \"dateReserved\": \"2025-08-21T19:50:26.628Z\", \"assignerOrgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"datePublished\": \"2025-09-02T20:09:51.190Z\", \"assignerShortName\": \"zdi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-98MC-HVGQ-QGQJ

Vulnerability from github – Published: 2025-09-02 21:30 – Updated: 2025-09-02 21:30

Details

The specific flaw exists within the Foxit Reader Update Service. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-25709.

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-9330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-02T21:15:35Z",
    "severity": "HIGH"
  },
  "details": "Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Foxit Reader Update Service. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-25709.",
  "id": "GHSA-98mc-hvgq-qgqj",
  "modified": "2025-09-02T21:30:59Z",
  "published": "2025-09-02T21:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9330"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-870"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-9330

Vulnerability from fkie_nvd - Published: 2025-09-02 21:15 - Updated: 2025-09-08 13:52

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	zdi-disclosures@trendmicro.com	https://www.foxit.com/support/security-bulletins.html	Vendor Advisory
	zdi-disclosures@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-25-870/	Third Party Advisory

Impacted products

Vendor	Product	Version
foxit	pdf_editor	*
foxit	pdf_editor	*
foxit	pdf_editor	*
foxit	pdf_editor	2025.1.0.27937
foxit	pdf_reader	*
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F900FF8A-7BFA-442E-BC8C-5A3717961DD5",
              "versionEndIncluding": "13.1.7.23637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64",
              "versionEndIncluding": "2023.3.0.23028",
              "versionStartIncluding": "2023.1.0.15510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580",
              "versionEndIncluding": "2024.4.1.27687",
              "versionStartIncluding": "2024.1.0.23997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDC914F-B999-4233-8BEA-CA20B1F0D9D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB827B5A-9957-43B2-A633-EF5442A2EF35",
              "versionEndIncluding": "2025.1.0.27937",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Foxit Reader Update Service. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-25709."
    }
  ],
  "id": "CVE-2025-9330",
  "lastModified": "2025-09-08T13:52:46.100",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-02T21:15:35.703",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-870/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    }
  ]
}

CNVD-2025-27455

Vulnerability from cnvd - Published: 2025-11-10

Title

Foxit PDF Reader代码问题漏洞（CNVD-2025-27455）

Description

Foxit PDF Reader是中国福昕（Foxit）公司的一款PDF阅读器。 Foxit PDF Reader存在安全漏洞，攻击者可利用该漏洞导致本地权限提升。

Severity

中

Patch Name

Foxit PDF Reader代码问题漏洞（CNVD-2025-27455）的补丁

Patch Description

Foxit PDF Reader是中国福昕（Foxit）公司的一款PDF阅读器。 Foxit PDF Reader存在安全漏洞，攻击者可利用该漏洞导致本地权限提升。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.foxit.com/support/security-bulletins.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-9330

Impacted products

Name
Foxit PDF Reader

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-9330",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-9330"
    }
  },
  "description": "Foxit PDF Reader\u662f\u4e2d\u56fd\u798f\u6615\uff08Foxit\uff09\u516c\u53f8\u7684\u4e00\u6b3ePDF\u9605\u8bfb\u5668\u3002\n\nFoxit PDF Reader\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672c\u5730\u6743\u9650\u63d0\u5347\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.foxit.com/support/security-bulletins.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-27455",
  "openTime": "2025-11-10",
  "patchDescription": "Foxit PDF Reader\u662f\u4e2d\u56fd\u798f\u6615\uff08Foxit\uff09\u516c\u53f8\u7684\u4e00\u6b3ePDF\u9605\u8bfb\u5668\u3002\r\n\r\nFoxit PDF Reader\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672c\u5730\u6743\u9650\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Foxit PDF Reader\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2025-27455\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Foxit PDF Reader"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-9330",
  "serverity": "\u4e2d",
  "submitTime": "2025-09-04",
  "title": "Foxit PDF Reader\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2025-27455\uff09"
}

WID-SEC-W-2025-1815

Vulnerability from csaf_certbund - Published: 2025-08-12 22:00 - Updated: 2025-12-11 23:00

Summary

Foxit PDF Editor und Reader: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Foxit Reader ist ein PDF Reader. Foxit PDF Editor ist ein Tool zur Bearbeitung von PDF-Dateien.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Foxit Reader und Foxit PDF Editor ausnutzen, um erweiterte Berechtigungen zu erlangen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, beliebigen Code auszuführen oder Sicherheitsmaßnahmen zu umgehen.

Betroffene Betriebssysteme: - MacOS X - Windows

CVE-2025-32451

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2

CVE-2025-55307

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-55308

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-55309

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-55310

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-55311

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-55312

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-55313

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-55314

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-9323

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-9324

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-9325

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-9326

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-9327

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-9328

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-9329

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

CVE-2025-9330

Affected products

Known affected 5 products

Product	Identifier	Version	Remediation
Foxit PDF Editor <14.0/13.2 Foxit / PDF Editor		<14.0/13.2
Foxit PDF Editor Mac <2025.2/14.0/13.2 Foxit / PDF Editor		Mac <2025.2/14.0/13.2
Foxit PDF Reader <2025.2 Foxit / PDF Reader		<2025.2
Foxit PDF Editor <2025.2 Foxit / PDF Editor		<2025.2
Foxit PDF Reader Mac <2025.2 Foxit / PDF Reader		Mac <2025.2

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.foxit.com/support/security-bulletins.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Foxit Reader ist ein PDF Reader.\r\nFoxit PDF Editor ist ein Tool zur Bearbeitung von PDF-Dateien.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Foxit Reader und Foxit PDF Editor ausnutzen, um erweiterte Berechtigungen zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren oder Sicherheitsma\u00dfnahmen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1815 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1815.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1815 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1815"
      },
      {
        "category": "external",
        "summary": "Foxit Security Bulletins August 2025 vom 2025-08-12",
        "url": "https://www.foxit.com/support/security-bulletins.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Foxit PDF Editor und Reader: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-12-11T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-12T09:16:13.176+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-1815",
      "initial_release_date": "2025-08-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-08-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-13T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-24572"
        },
        {
          "date": "2025-08-17T22:00:00.000+00:00",
          "number": "3",
          "summary": "CVE-Nummern erg\u00e4nzt"
        },
        {
          "date": "2025-08-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "CVE- und ZDI-Referenzen erg\u00e4nzt"
        },
        {
          "date": "2025-09-02T22:00:00.000+00:00",
          "number": "5",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-26458, EUVD-2025-26460, EUVD-2025-26461, EUVD-2025-26459, EUVD-2025-26462"
        },
        {
          "date": "2025-09-03T22:00:00.000+00:00",
          "number": "6",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-26575"
        },
        {
          "date": "2025-12-11T23:00:00.000+00:00",
          "number": "7",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-202706, EUVD-2025-202707, EUVD-2025-202708, EUVD-2025-202709, EUVD-2025-202710, EUVD-2025-202711, EUVD-2025-202691, EUVD-2025-202702"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2025.2",
                "product": {
                  "name": "Foxit PDF Editor \u003c2025.2",
                  "product_id": "T046186"
                }
              },
              {
                "category": "product_version",
                "name": "2025.2",
                "product": {
                  "name": "Foxit PDF Editor 2025.2",
                  "product_id": "T046186-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:foxitsoftware:pdf_editor:2025.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c14.0/13.2",
                "product": {
                  "name": "Foxit PDF Editor \u003c14.0/13.2",
                  "product_id": "T046187"
                }
              },
              {
                "category": "product_version",
                "name": "14.0/13.2",
                "product": {
                  "name": "Foxit PDF Editor 14.0/13.2",
                  "product_id": "T046187-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:foxitsoftware:pdf_editor:14.013.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Mac \u003c2025.2/14.0/13.2",
                "product": {
                  "name": "Foxit PDF Editor Mac \u003c2025.2/14.0/13.2",
                  "product_id": "T046188"
                }
              },
              {
                "category": "product_version",
                "name": "Mac 2025.2/14.0/13.2",
                "product": {
                  "name": "Foxit PDF Editor Mac 2025.2/14.0/13.2",
                  "product_id": "T046188-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:foxitsoftware:pdf_editor:mac__2025.214.013.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PDF Editor"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2025.2",
                "product": {
                  "name": "Foxit PDF Reader \u003c2025.2",
                  "product_id": "T046185"
                }
              },
              {
                "category": "product_version",
                "name": "2025.2",
                "product": {
                  "name": "Foxit PDF Reader 2025.2",
                  "product_id": "T046185-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:foxitsoftware:foxit_reader:2025.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Mac \u003c2025.2",
                "product": {
                  "name": "Foxit PDF Reader Mac \u003c2025.2",
                  "product_id": "T046189"
                }
              },
              {
                "category": "product_version",
                "name": "Mac 2025.2",
                "product": {
                  "name": "Foxit PDF Reader Mac 2025.2",
                  "product_id": "T046189-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:foxitsoftware:foxit_reader:mac__2025.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PDF Reader"
          }
        ],
        "category": "vendor",
        "name": "Foxit"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-32451",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046185",
          "T046186"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-32451"
    },
    {
      "cve": "CVE-2025-55307",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-55307"
    },
    {
      "cve": "CVE-2025-55308",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-55308"
    },
    {
      "cve": "CVE-2025-55309",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-55309"
    },
    {
      "cve": "CVE-2025-55310",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-55310"
    },
    {
      "cve": "CVE-2025-55311",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-55311"
    },
    {
      "cve": "CVE-2025-55312",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-55312"
    },
    {
      "cve": "CVE-2025-55313",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-55313"
    },
    {
      "cve": "CVE-2025-55314",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-55314"
    },
    {
      "cve": "CVE-2025-9323",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-9323"
    },
    {
      "cve": "CVE-2025-9324",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-9324"
    },
    {
      "cve": "CVE-2025-9325",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-9325"
    },
    {
      "cve": "CVE-2025-9326",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-9326"
    },
    {
      "cve": "CVE-2025-9327",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-9327"
    },
    {
      "cve": "CVE-2025-9328",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-9328"
    },
    {
      "cve": "CVE-2025-9329",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-9329"
    },
    {
      "cve": "CVE-2025-9330",
      "product_status": {
        "known_affected": [
          "T046187",
          "T046188",
          "T046185",
          "T046186",
          "T046189"
        ]
      },
      "release_date": "2025-08-12T22:00:00.000+00:00",
      "title": "CVE-2025-9330"
    }
  ]
}

NCSC-2025-0267

Vulnerability from csaf_ncscnl - Published: 2025-08-25 11:26 - Updated: 2025-08-25 11:26

Summary

Kwetsbaarheden verholpen in Foxit Reader

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Foxit heeft kwetsbaarheden verholpen in Foxit Reader (Specifiek voor versie 2025.1.0.27937).

Interpretaties: De kwetsbaarheden bevinden zich in de manier waarop Foxit Reader omgaat met PDF-bestanden. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door gebruikers te verleiden om een kwaadaardig PDF-bestand te openen of een schadelijke website te bezoeken, wat kan leiden tot de uitvoering van willekeurige code op het systeem van de gebruiker.

Oplossingen: Foxit heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-125: Out-of-bounds Read

CWE-427: Uncontrolled Search Path Element

CWE-824: Access of Uninitialized Pointer

CVE-2025-32451

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-824 - Access of Uninitialized Pointer

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-55307

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-55308

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-55309

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-55310

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-55311

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-55312

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-55313

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-55314

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-9323

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-9324

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-9325

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-9326

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-9327

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-9328

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-9329

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

CVE-2025-9330

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
vers:unknown/<14.013.2 Foxit / PDF Editor		vers:unknown/<14.013.2
vers:unknown/<2025.2 Foxit / PDF Editor		vers:unknown/<2025.2
vers:unknown/<2025.2 Foxit / PDF Reader		vers:unknown/<2025.2
vers:unknown/mac <2025.2 Foxit / PDF Reader		vers:unknown/mac <2025.2

References

18 references

URL	Category
https://www.foxit.com/support/security-bulletins.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Foxit heeft kwetsbaarheden verholpen in Foxit Reader (Specifiek voor versie 2025.1.0.27937).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden bevinden zich in de manier waarop Foxit Reader omgaat met PDF-bestanden. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door gebruikers te verleiden om een kwaadaardig PDF-bestand te openen of een schadelijke website te bezoeken, wat kan leiden tot de uitvoering van willekeurige code op het systeem van de gebruiker.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Foxit heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Uncontrolled Search Path Element",
        "title": "CWE-427"
      },
      {
        "category": "general",
        "text": "Access of Uninitialized Pointer",
        "title": "CWE-824"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.foxit.com/support/security-bulletins.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Foxit Reader",
    "tracking": {
      "current_release_date": "2025-08-25T11:26:17.380689Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.2"
        }
      },
      "id": "NCSC-2025-0267",
      "initial_release_date": "2025-08-25T11:26:17.380689Z",
      "revision_history": [
        {
          "date": "2025-08-25T11:26:17.380689Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/\u003c14.013.2",
                "product": {
                  "name": "vers:unknown/\u003c14.013.2",
                  "product_id": "CSAFPID-3050308"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/\u003c2025.2",
                "product": {
                  "name": "vers:unknown/\u003c2025.2",
                  "product_id": "CSAFPID-3050310"
                }
              }
            ],
            "category": "product_name",
            "name": "PDF Editor"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/\u003c2025.2",
                "product": {
                  "name": "vers:unknown/\u003c2025.2",
                  "product_id": "CSAFPID-3071913"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/mac \u003c2025.2",
                "product": {
                  "name": "vers:unknown/mac \u003c2025.2",
                  "product_id": "CSAFPID-3071914"
                }
              }
            ],
            "category": "product_name",
            "name": "PDF Reader"
          }
        ],
        "category": "vendor",
        "name": "Foxit"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-32451",
      "cwe": {
        "id": "CWE-824",
        "name": "Access of Uninitialized Pointer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Access of Uninitialized Pointer",
          "title": "CWE-824"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32451 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32451.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-3050308",
            "CSAFPID-3050310",
            "CSAFPID-3071913",
            "CSAFPID-3071914"
          ]
        }
      ],
      "title": "CVE-2025-32451"
    },
    {
      "cve": "CVE-2025-55307",
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55307 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55307.json"
        }
      ],
      "title": "CVE-2025-55307"
    },
    {
      "cve": "CVE-2025-55308",
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55308 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55308.json"
        }
      ],
      "title": "CVE-2025-55308"
    },
    {
      "cve": "CVE-2025-55309",
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55309 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55309.json"
        }
      ],
      "title": "CVE-2025-55309"
    },
    {
      "cve": "CVE-2025-55310",
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55310 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55310.json"
        }
      ],
      "title": "CVE-2025-55310"
    },
    {
      "cve": "CVE-2025-55311",
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55311 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55311.json"
        }
      ],
      "title": "CVE-2025-55311"
    },
    {
      "cve": "CVE-2025-55312",
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55312 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55312.json"
        }
      ],
      "title": "CVE-2025-55312"
    },
    {
      "cve": "CVE-2025-55313",
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55313 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55313.json"
        }
      ],
      "title": "CVE-2025-55313"
    },
    {
      "cve": "CVE-2025-55314",
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55314 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55314.json"
        }
      ],
      "title": "CVE-2025-55314"
    },
    {
      "cve": "CVE-2025-9323",
      "notes": [
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9323 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9323.json"
        }
      ],
      "title": "CVE-2025-9323"
    },
    {
      "cve": "CVE-2025-9324",
      "notes": [
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9324 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9324.json"
        }
      ],
      "title": "CVE-2025-9324"
    },
    {
      "cve": "CVE-2025-9325",
      "notes": [
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9325 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9325.json"
        }
      ],
      "title": "CVE-2025-9325"
    },
    {
      "cve": "CVE-2025-9326",
      "notes": [
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9326 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9326.json"
        }
      ],
      "title": "CVE-2025-9326"
    },
    {
      "cve": "CVE-2025-9327",
      "notes": [
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9327 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9327.json"
        }
      ],
      "title": "CVE-2025-9327"
    },
    {
      "cve": "CVE-2025-9328",
      "notes": [
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9328 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9328.json"
        }
      ],
      "title": "CVE-2025-9328"
    },
    {
      "cve": "CVE-2025-9329",
      "notes": [
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9329 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9329.json"
        }
      ],
      "title": "CVE-2025-9329"
    },
    {
      "cve": "CVE-2025-9330",
      "notes": [
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-3050308",
          "CSAFPID-3050310",
          "CSAFPID-3071913",
          "CSAFPID-3071914"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9330 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9330.json"
        }
      ],
      "title": "CVE-2025-9330"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-9330 (GCVE-0-2025-9330)

GHSA-98MC-HVGQ-QGQJ

FKIE_CVE-2025-9330

CNVD-2025-27455

WID-SEC-W-2025-1815

NCSC-2025-0267

Tags

Sightings

Nomenclature