Vulners
Lucene search
Foxit PDF Reader < 2025.2.1 Multiple Vulnerabilities
| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
 | CVE-2025-59802 | 11 Dec 202517:42 | – | circl |
| CVE-2025-59803 | 11 Dec 202518:02 | – | circl |
 | Foxit PDF Reader和Foxit PDF Editor 安全漏洞 | 11 Dec 202500:00 | – | cnnvd |
| Foxit PDF Reader和Foxit PDF Editor 安全漏洞 | 11 Dec 202500:00 | – | cnnvd |
 | CVE-2025-59802 | 11 Dec 202500:00 | – | cve |
| CVE-2025-59803 | 11 Dec 202500:00 | – | cve |
 | CVE-2025-59802 | 11 Dec 202500:00 | – | cvelist |
| CVE-2025-59803 | 11 Dec 202500:00 | – | cvelist |
 | EUVD-2025-202692 | 11 Dec 202518:30 | – | euvd |
| EUVD-2025-202693 | 11 Dec 202518:30 | – | euvd |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(266083);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/19");
script_cve_id("CVE-2025-59802", "CVE-2025-59803");
script_xref(name:"IAVA", value:"2025-A-0709-S");
script_name(english:"Foxit PDF Reader < 2025.2.1 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"A PDF viewer installed on the remote Windows host is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"According to its version, the Foxit PDF Reader application (previously named Foxit Reader) installed on the remote
Windows host is prior to 2025.2.1. It is, therefore affected by multiple vulnerabilities:
- Addressed potential issues where the application could deliver incorrect signature verification
information when handling certain signed documents that contain JavaScripts, which attackers could exploit
to manipulate document content and deceive users into trusting the manipulated documents. This occurs as
the application fails to perform proper validation of cryptographic signatures after the visibility of
certain optional content groups is dynamically altered by JavaScripts or triggers during the post-signing
phase. (CVE-2025-59802)
- Address a potential issue where the application could be exposed to a Signature-Based Trust Bypass
vulnerability when handling certain documents that are embedded with specific triggers in the signing
phase, which attackers could exploit to deceive users into signing the manipulated documents. This occurs
as the application fails to explicitly prompt users after the self-modification action is triggered to
modify the document during the pre-signing phase. (CVE-2025-59803)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://www.foxitsoftware.com/support/security-bulletins.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a27a3e57");
script_set_attribute(attribute:"solution", value:
"Upgrade to Foxit PDF Reader version 2025.2.1 or later");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-59803");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2025-59802");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/25");
script_set_attribute(attribute:"patch_publication_date", value:"2025/09/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:foxit_reader");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("foxit_reader_installed.nasl");
script_require_keys("installed_sw/Foxit Reader");
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
'metadata': {'spec_version': '1.0'},
'requires': [
{'scope': 'target', 'match': {'os': 'windows'}}
],
'checks': [
{
'product': {'name': 'Foxit Reader', 'type': 'app'},
'check_algorithm': 'default',
'constraints': [
{'max_version': '2025.2.0.33046', 'fixed_version': '2025.2.1'}
]
}
]
};
var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result:result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 May 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.17.5
EPSS0.0004
SSVC