Foxit PDF Reader CVE-2025-9328: Brief Summary of PRC File Parsing Out-Of-Bounds Read RCE

A brief summary of CVE-2025-9328, an out-of-bounds read vulnerability in Foxit PDF Reader's PRC file parsing that may allow remote code execution. This post covers technical details, affected versions, and vendor security history.
CVE Analysis

8 min read

ZeroPath CVE Analysis

2025-09-02

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

Introduction

Remote code execution through a single PDF file is a scenario that can disrupt enterprise workflows and compromise sensitive data. CVE-2025-9328 targets Foxit PDF Reader, a widely deployed PDF solution in both business and government sectors, and leverages a flaw in how the application parses PRC files. The vulnerability is rated HIGH (CVSS 7.8) and requires user interaction, such as opening a malicious PDF or visiting a crafted web page.

About Foxit Software: Foxit Software is a leading provider of PDF solutions with over 700 million users globally. Its PDF Reader is a popular alternative to Adobe Acrobat, especially in enterprise environments. Foxit has a history of memory corruption vulnerabilities, making its products a recurring focus for security researchers.

Technical Information

CVE-2025-9328 is an out-of-bounds read vulnerability (CWE-125) in Foxit PDF Reader's PRC (Palm Resource Code) file parsing logic. The vulnerability is triggered by insufficient validation of user-supplied data during the parsing of PRC files: the parser can read past the end of an allocated buffer when handling certain PRC data structures. An attacker who triggers this flaw may be able to execute arbitrary code in the context of the current process.

  • The vulnerability exists in the code responsible for parsing PRC files embedded in PDF documents.
  • Attackers can craft malicious PDF files with embedded PRC content that triggers the out-of-bounds read.
  • Exploitation requires convincing a user to open a malicious file or visit a web page that serves such a file.
  • Successful exploitation allows code execution with the privileges of the user running Foxit PDF Reader.

No public code snippets or vulnerable code fragments have been released as of the advisory date.
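As an added illustration for defenders (not code from this post, from Foxit, or from any advisory), the following triage check flags PDFs that embed PRC content so they can be held for a full parse or sandboxing until the reader is patched. It assumes PRC data is embedded as a PDF 3D stream whose dictionary carries /Type /3D and /Subtype /PRC, as the PDF 3D annotation feature defines; the sample file, function and pattern names are the example's own.

```python
import re

# Constructed sample for this demo (not a real Foxit file and not exploit content):
# a minimal PDF with one 3D stream object whose dictionary declares /Subtype /PRC.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
5 0 obj
<< /Type /3D /Subtype /PRC /Length 4 >>
stream
PRC\x00
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Assumption: PRC data sits in a PDF 3D stream (ISO 32000 3D annotations), i.e. a
# stream dictionary carrying /Type /3D and /Subtype /PRC. PDF syntax lets the
# whitespace between name tokens be omitted, so "/Subtype/PRC" must match as well.
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\s*(<<.*?>>)", re.S)
TYPE_3D_RE = re.compile(rb"/Type\s*/3D\b")
SUBTYPE_PRC_RE = re.compile(rb"/Subtype\s*/PRC\b")


def find_prc_streams(pdf_bytes: bytes) -> list[int]:
    """Return object numbers of uncompressed 3D stream dictionaries that declare PRC."""
    hits = []
    for m in OBJ_RE.finditer(pdf_bytes):
        obj_num, dictionary = m.groups()
        if TYPE_3D_RE.search(dictionary) and SUBTYPE_PRC_RE.search(dictionary):
            hits.append(int(obj_num))
    return hits


def triage(pdf_bytes: bytes) -> dict:
    """Heuristic verdict for a mail-gateway or sandbox pre-filter.

    Objects packed into compressed object streams (/ObjStm) are invisible to a raw
    byte scan, so their presence is reported separately: such a file cannot be
    cleared by this check alone and needs a full PDF parse.
    """
    prc_objects = find_prc_streams(pdf_bytes)
    return {
        "prc_objects": prc_objects,
        "prc_found": bool(prc_objects),
        "needs_full_parse": b"/ObjStm" in pdf_bytes,
    }
```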

Affected Systems and Versions

  • Foxit PDF Reader versions prior to 2025.2.0.33046 are affected.
  • The vulnerability impacts all configurations capable of parsing PRC files within PDF documents.
  • The issue was fixed in version 2025.2.0.33046, released August 13, 2025.

Vendor Security History

Foxit Software has previously addressed similar memory corruption and code execution vulnerabilities:

  • CVE-2020-14425: JavaScript-based RCE in Foxit Reader
  • CVE-2024-28888: Use-after-free in Foxit Reader
  • Past issues with outdated V8 JavaScript engine components

Foxit typically coordinates with security researchers and issues timely patches. The company maintains a public security bulletin page and responds to disclosures through established channels.

References

  • CVE-2025-9328 official entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9328
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-9328
