Foxit PDF Editor for Mac < 13.2.1 / 14.0.1 / 2025.2.1 Multiple Vulnerabilities

🗓️ 30 Sep 2025 00:00:00Reported by TenableType

Foxit PDF Editor for Mac before 2025.2.1/14.0.1 has vulnerabilities causing trust bypass and signature verification issues.

Reporter	Title	Published	Views	Family All 24
Circl	CVE-2025-59802	11 Dec 202517:42	–	circl
Circl	CVE-2025-59803	11 Dec 202518:02	–	circl
CNNVD	Foxit PDF Reader和Foxit PDF Editor 安全漏洞	11 Dec 202500:00	–	cnnvd
CNNVD	Foxit PDF Reader和Foxit PDF Editor 安全漏洞	11 Dec 202500:00	–	cnnvd
CVE	CVE-2025-59802	11 Dec 202500:00	–	cve
CVE	CVE-2025-59803	11 Dec 202500:00	–	cve
Cvelist	CVE-2025-59802	11 Dec 202500:00	–	cvelist
Cvelist	CVE-2025-59803	11 Dec 202500:00	–	cvelist
EUVD	EUVD-2025-202692	11 Dec 202518:30	–	euvd
EUVD	EUVD-2025-202693	11 Dec 202518:30	–	euvd

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(266311);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id("CVE-2025-59802", "CVE-2025-59803");
  script_xref(name:"IAVA", value:"2025-A-0709-S");

  script_name(english:"Foxit PDF Editor for Mac < 13.2.1 / 14.0.1 / 2025.2.1 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A PDF toolkit installed on the remote macOS host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed
on the remote macOS host is prior to 2025.2.1/14.0.1/13.2.1. It is, therefore affected by multiple vulnerabilities:

  - Addressed potential issues where the application could deliver incorrect signature verification
    information when handling certain signed documents that contain JavaScripts, which attackers could exploit
    to manipulate document content and deceive users into trusting the manipulated documents. This occurs as
    the application fails to perform proper validation of cryptographic signatures after the visibility of
    certain optional content groups is dynamically altered by JavaScripts or triggers during the post-signing
    phase. (CVE-2025-59802)

  - Address a potential issue where the application could be exposed to a Signature-Based Trust Bypass
    vulnerability when handling certain documents that are embedded with specific triggers in the signing
    phase, which attackers could exploit to deceive users into signing the manipulated documents. This occurs
    as the application fails to explicitly prompt users after the self-modification action is triggered to
    modify the document during the pre-signing phase. (CVE-2025-59803)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://www.foxitsoftware.com/support/security-bulletins.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a27a3e57");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Foxit PDF Editor for Mac version 13.2.1 / 14.0.1 / 2025.2.1 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-59803");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2025-59802");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantom");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantompdf");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_foxit_phantompdf_installed.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Foxit PhantomPDF");

  exit(0);
}

include('vcf.inc');

get_kb_item_or_exit('Host/local_checks_enabled');

var os = get_kb_item('Host/MacOSX/Version');
if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');

var app_info = vcf::get_app_info(app:'Foxit PhantomPDF');

var constraints = [
  { 'max_version' : '13.2.0.63256', 'fixed_version' : '13.2.1', 'fixed_display' : '2025.2.1/14.0.1/13.2.1' },
  { 'min_version' : '14.0', 'max_version' : '14.0.0.68868', 'fixed_version' : '14.0.1', 'fixed_display' : '2025.2.1/14.0.1' },
  { 'min_version' : '2023.0', 'max_version' : '2023.3.0.63083', 'fixed_version' : '2025.2.1' },
  { 'min_version' : '2024.0', 'max_version' : '2024.4.1.66479', 'fixed_version' : '2025.2.1' },
  { 'min_version' : '2025.0', 'max_version' : '2025.2.0.68868', 'fixed_version' : '2025.2.1' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);

21 Jan 2026 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.17.5

EPSS0.0004

SSVC