Introduction
Attackers can achieve arbitrary code execution on user systems if Foxit PDF Reader 2025.1.0.27937 processes a malicious PDF containing crafted JavaScript. This vulnerability, tracked as CVE-2025-32451, impacts one of the most widely deployed PDF readers in both enterprise and consumer environments.
About Foxit Software: Foxit Software is a major player in the global PDF technology market, with over 700 million users and a suite of products spanning PDF creation, editing, and viewing. Foxit Reader is a popular alternative to Adobe Acrobat Reader, especially in business and government sectors. The company's products are integrated into workflows worldwide, making vulnerabilities in Foxit Reader highly impactful across industries.
Technical Information
CVE-2025-32451 is a memory corruption vulnerability in Foxit PDF Reader 2025.1.0.27937. The flaw is the use of an uninitialized pointer while processing JavaScript embedded in a PDF document: when certain fields of a signature object are missing during PDF signature verification, the application fails to initialize a pointer before using it, and the subsequent access reads or writes memory it should not, corrupting it. The vulnerability is triggered when Foxit Reader processes a PDF carrying a JavaScript payload crafted to reach this code path.
The vulnerability is classified as CWE-824 (Access of Uninitialized Pointer). Attackers can exploit this by crafting a PDF that embeds JavaScript designed to trigger the uninitialized pointer access. Successful exploitation can corrupt memory and allow execution of arbitrary code with the privileges of the user running Foxit Reader. The attack can be delivered either by convincing a user to open a malicious PDF or by luring them to a website that serves the PDF if the Foxit browser plugin extension is enabled.
No public code snippets or exploit samples are available in the referenced advisories. The technical root cause is the absence of certain fields in signature objects during verification, leading to unsafe pointer usage in the JavaScript processing engine.
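Because the advisories publish no code, the weakness class itself (CWE-824) is best shown on a generic model. The C program below is an added example written for this page; it is not Foxit's code and does not reproduce the actual Foxit code path. It assumes a simplified signature dictionary made of optional key/value entries, uses the standard PDF signature keys `Contents` and `ByteRange` only as stand-ins (the advisory does not name which fields are involved), and the function names `collect_fields_unsafe` and `collect_fields_safe` are the author's own. The unsafe collector writes each output pointer only when its field is found, so a missing field leaves stale memory in place; the hardened form assigns every output unconditionally and refuses to proceed when a required field is absent. A sentinel value stands in for stack garbage so the difference can be observed deterministically without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified model of a PDF signature dictionary: a list of
 * key/value entries where any key may be absent. Illustration code only,
 * not Foxit's parser. */
typedef struct {
    const char *key;
    const char *value;
} dict_entry;

typedef struct {
    const dict_entry *entries;
    size_t count;
} sig_dict;

/* Pointers a verifier would hand on to later stages. */
typedef struct {
    const char *contents;    /* /Contents: the signature bytes */
    const char *byte_range;  /* /ByteRange: the signed region of the file */
} sig_fields;

static const char *dict_lookup(const sig_dict *d, const char *key) {
    for (size_t i = 0; i < d->count; i++)
        if (strcmp(d->entries[i].key, key) == 0)
            return d->entries[i].value;
    return NULL;
}

/* CWE-824 pattern: each output pointer is written only when its field is
 * present, so a missing field leaves whatever was already in *out (stack
 * garbage in a real program) to be dereferenced later. Shown for contrast. */
static void collect_fields_unsafe(const sig_dict *d, sig_fields *out) {
    const char *v;
    if ((v = dict_lookup(d, "Contents")) != NULL)
        out->contents = v;
    if ((v = dict_lookup(d, "ByteRange")) != NULL)
        out->byte_range = v;
}

/* Hardened form: every output is assigned unconditionally (NULL when the
 * field is absent) and a missing required field is reported instead of
 * being passed on. Returns 0 on success, -1 when a field is missing. */
static int collect_fields_safe(const sig_dict *d, sig_fields *out) {
    out->contents = dict_lookup(d, "Contents");
    out->byte_range = dict_lookup(d, "ByteRange");
    if (out->contents == NULL || out->byte_range == NULL)
        return -1;
    return 0;
}

/* Sentinel standing in for the stale stack contents the unsafe path keeps. */
static const char STALE[] = "stale";

/* Constructed dictionaries; the hex string is a placeholder, not a real signature. */
static const dict_entry INCOMPLETE[] = { { "Contents", "<0123abcd>" } };   /* no /ByteRange */
static const dict_entry COMPLETE[]   = { { "Contents", "<0123abcd>" },
                                         { "ByteRange", "[0 100 200 50]" } };

/* Returns 1 if the unsafe collector leaves the stale pointer in place. */
int unsafe_keeps_stale_pointer(void) {
    sig_dict d = { INCOMPLETE, 1 };
    sig_fields f = { STALE, STALE };
    collect_fields_unsafe(&d, &f);
    return f.byte_range == STALE;
}

/* Returns 1 if the safe collector rejects the dictionary and nulls the field. */
int safe_rejects_missing_field(void) {
    sig_dict d = { INCOMPLETE, 1 };
    sig_fields f = { STALE, STALE };
    return collect_fields_safe(&d, &f) == -1 && f.byte_range == NULL;
}

/* Returns 1 if the safe collector accepts a complete dictionary. */
int safe_accepts_complete_dict(void) {
    sig_dict d = { COMPLETE, 2 };
    sig_fields f = { STALE, STALE };
    return collect_fields_safe(&d, &f) == 0 && f.byte_range != NULL;
}

int main(void) {
    printf("unsafe keeps stale pointer: %d\n", unsafe_keeps_stale_pointer());
    printf("safe rejects missing field: %d\n", safe_rejects_missing_field());
    printf("safe accepts complete dict: %d\n", safe_accepts_complete_dict());
    return 0;
}
```

The defensive rule the example encodes is the one CWE-824 mitigations come down to: every pointer is assigned on every path before anything reads it, and optional input fields are checked for presence at the point of lookup rather than assumed by the consumer. Compiler warnings such as `-Wmaybe-uninitialized` and sanitizers (MemorySanitizer for uninitialized reads) catch the unsafe pattern in testing, but only the unconditional assignment removes it.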
Affected Systems and Versions
- Foxit PDF Reader 2025.1.0.27937 is confirmed vulnerable.
- The vulnerability affects both the desktop application and the browser plugin extension.
- Exploitation requires either opening a malicious PDF or visiting a site serving such a PDF with the plugin enabled.
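Since exploitation requires the reader to process a PDF carrying JavaScript, a mail-gateway or endpoint triage step can flag such documents for sandboxing or quarantine until the reader is updated. The scanner below is an added example, not code from Foxit or from the referenced advisories. It assumes the standard PDF name keys `/JS`, `/JavaScript`, `/OpenAction` and `/AA` as JavaScript indicators and treats `/ObjStm` as a sign that objects may be hidden in compressed object streams; it decodes `#xx` name escapes so an obfuscated `/J#61vaScript` is still matched, and requires a delimiter after each name so `/JS` does not match `/JSX`. The two sample documents are constructed and contain only a benign alert.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Indicator bits returned by pdf_js_indicators(). */
enum {
    PDF_IND_JS         = 1 << 0,  /* /JS: the script itself (string or stream) */
    PDF_IND_JAVASCRIPT = 1 << 1,  /* /JavaScript: action subtype or name tree */
    PDF_IND_OPENACTION = 1 << 2,  /* /OpenAction: runs when the document opens */
    PDF_IND_AA         = 1 << 3,  /* /AA: additional actions (event triggers) */
    PDF_IND_OBJSTM     = 1 << 4   /* /ObjStm: objects hidden in compressed streams */
};

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode PDF name escapes (#xx) across the whole buffer so that an obfuscated
 * /J#61vaScript compares equal to /JavaScript. Applying the decoding outside
 * name tokens is harmless for this heuristic. Caller frees the result. */
static unsigned char *decode_name_escapes(const unsigned char *in, size_t len,
                                          size_t *out_len) {
    unsigned char *out = malloc(len + 1);
    size_t o = 0;
    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        if (in[i] == '#' && i + 2 < len) {
            int hi = hexval(in[i + 1]), lo = hexval(in[i + 2]);
            if (hi >= 0 && lo >= 0) {
                out[o++] = (unsigned char)(hi * 16 + lo);
                i += 2;
                continue;
            }
        }
        out[o++] = in[i];
    }
    out[o] = 0;
    *out_len = o;
    return out;
}

/* PDF whitespace (NUL included) and token delimiters end a name. */
static int is_delim(unsigned char c) {
    return isspace(c) || strchr("/<>[]()%{}", c) != NULL;
}

/* True if the buffer contains /name followed by a delimiter or end of buffer. */
static int has_name(const unsigned char *buf, size_t len, const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; i + 1 + n <= len; i++) {
        if (buf[i] != '/' || memcmp(buf + i + 1, name, n) != 0)
            continue;
        size_t end = i + 1 + n;
        if (end == len || is_delim(buf[end]))
            return 1;
    }
    return 0;
}

/* Scan raw PDF bytes for JavaScript-related name keys. Returns a bitmask of
 * PDF_IND_* flags, or -1 on allocation failure. */
int pdf_js_indicators(const unsigned char *raw, size_t len) {
    size_t dlen;
    unsigned char *buf = decode_name_escapes(raw, len, &dlen);
    int flags = 0;
    if (buf == NULL) return -1;
    if (has_name(buf, dlen, "JS"))         flags |= PDF_IND_JS;
    if (has_name(buf, dlen, "JavaScript")) flags |= PDF_IND_JAVASCRIPT;
    if (has_name(buf, dlen, "OpenAction")) flags |= PDF_IND_OPENACTION;
    if (has_name(buf, dlen, "AA"))         flags |= PDF_IND_AA;
    if (has_name(buf, dlen, "ObjStm"))     flags |= PDF_IND_OBJSTM;
    free(buf);
    return flags;
}

/* Policy helper: hold (sandbox or quarantine) when script indicators are
 * present or when object streams make the raw scan inconclusive. */
int pdf_should_hold(int flags) {
    return flags < 0 || (flags & (PDF_IND_JS | PDF_IND_JAVASCRIPT | PDF_IND_OBJSTM)) != 0;
}

/* Constructed sample: open action running a benign alert, with the action
 * subtype name escaped to evade naive string matching. Not a real malicious file. */
static const char SAMPLE_JS_PDF[] =
    "%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    "2 0 obj\n<< /S /J#61vaScript /JS (app.alert('hi')) >>\nendobj\n";

/* Constructed sample with no action or script. */
static const char SAMPLE_PLAIN_PDF[] =
    "%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n";

int scan_sample_js(void) {
    return pdf_js_indicators((const unsigned char *)SAMPLE_JS_PDF, sizeof SAMPLE_JS_PDF - 1);
}

int scan_sample_plain(void) {
    return pdf_js_indicators((const unsigned char *)SAMPLE_PLAIN_PDF, sizeof SAMPLE_PLAIN_PDF - 1);
}

int main(void) {
    printf("js sample: flags=0x%x hold=%d\n", scan_sample_js(), pdf_should_hold(scan_sample_js()));
    printf("plain sample: flags=0x%x hold=%d\n", scan_sample_plain(), pdf_should_hold(scan_sample_plain()));
    return 0;
}
```

This is a first-pass filter, not a parser: names inside FlateDecode-compressed object streams or in encrypted documents are invisible to a raw byte scan, which is why the presence of `/ObjStm` is treated as grounds to hold the file rather than as proof of a script. A production pipeline pairs this check with a tool that inflates streams and walks the object graph, and until the reader is patched, disables JavaScript in the reader's preferences where the deployment allows it.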
Vendor Security History
Foxit Software has a documented history of memory corruption and JavaScript engine vulnerabilities in its PDF products. Notable examples include:
- CVE-2020-14425: JavaScript-based RCE in Foxit Reader
- CVE-2024-28888: Use-after-free vulnerability enabling code execution
- Research in 2022 found Foxit using an outdated V8 JavaScript engine, exposing users to known vulnerabilities
Foxit typically releases timely patches and detailed security bulletins. However, the recurrence of similar vulnerability classes points to ongoing challenges in secure development and dependency management.