2 matches found
CVE-2025-59803
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers e.g., JavaScript in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the...
CVE-2025-59802
Summary: CVE-2025-59802 affects Foxit PDF Editor/Reader prior to 2025.2.1. The issue is signature spoofing via Optional Content Groups (OCG): the OCG state is runtime-only and not included in the signature buffer, allowing an attacker to dynamically flip OCG visibility after signing (Post-Sign) u...