Introduction
Remote code execution through a single PDF file is a scenario that can disrupt enterprise workflows and compromise sensitive data. CVE-2025-9328 affects Foxit PDF Reader, a widely deployed PDF application in both business and government sectors, and stems from a flaw in how it parses PRC (Product Representation Compact) 3D model data embedded in PDF documents. The vulnerability is rated HIGH (CVSS 7.8) and requires user interaction, such as opening a malicious PDF or visiting a web page that serves one.
About Foxit Software: Foxit Software is a leading provider of PDF solutions with over 700 million users globally. Its PDF Reader is a popular alternative to Adobe Acrobat, especially in enterprise environments. Foxit has a history of memory corruption vulnerabilities, making its products a recurring focus for security researchers.
Technical Information
CVE-2025-9328 is an out-of-bounds read vulnerability (CWE-125) in Foxit PDF Reader's parsing of PRC (Product Representation Compact) data, the ISO 14739-1 3D model format that PDF carries in 3D annotations. The parser does not sufficiently validate user-supplied data, so a crafted PRC data structure can make it read past the end of an allocated buffer. By itself such an over-read leaks adjacent memory or crashes the reader; turning it into code execution generally requires chaining it with a separate memory-write primitive. The published impact is nonetheless arbitrary code execution in the context of the current process.
- The vulnerability exists in the code responsible for parsing PRC files embedded in PDF documents.
- Attackers can craft malicious PDF files with embedded PRC content that triggers the out-of-bounds read.
- Exploitation requires convincing a user to open a malicious file or visit a web page that serves such a file.
- Successful exploitation allows code execution with the privileges of the user running Foxit PDF Reader.
No public code snippets or vulnerable code fragments have been released as of the advisory date.
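Since no real code is available, the following is an added illustration of the bug class only: it is not Foxit's code and does not follow the PRC specification. The record layout (a 32-bit element count followed by `count` twelve-byte "vertices") and the names `parse_vulnerable`, `parse_hardened`, `build_sample` and `VERTEX_SIZE` are all assumptions chosen to model "a PRC data structure whose element count is taken from the file". The simulated heap keeps the over-read inside one array so the demonstration is deterministic rather than undefined behaviour; on a real heap the same loop would read whatever allocation happens to follow the file buffer.

```c
/*
 * Added illustration of the CWE-125 pattern described above.  NOT Foxit's
 * code and NOT the PRC format: the record layout [u32 count][count x 12-byte
 * vertex] is a hypothetical stand-in for "an element count taken from the file".
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FILE_LEN 16    /* bytes the crafted "file" actually contains */
#define HEAP_LEN 128   /* file buffer plus simulated neighbouring memory */
#define VERTEX_SIZE 12 /* hypothetical: three 4-byte coordinates */

/* Simulated heap: the file occupies heap[0..FILE_LEN); everything after it
 * stands in for unrelated allocations the parser must never touch.  Keeping the
 * over-read inside this one array makes the demo deterministic rather than UB. */
static uint8_t heap[HEAP_LEN];

static uint32_t read_u32_le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Construct the sample: a header claiming `count` vertices, but only one vertex
 * (12 bytes, values 4..15) actually present, followed by 'A' bytes that play
 * the role of neighbouring memory. */
static void build_sample(uint32_t count) {
    memset(heap, 'A', sizeof heap);
    heap[0] = (uint8_t)(count);
    heap[1] = (uint8_t)(count >> 8);
    heap[2] = (uint8_t)(count >> 16);
    heap[3] = (uint8_t)(count >> 24);
    for (size_t i = 4; i < FILE_LEN; i++)
        heap[i] = (uint8_t)i;
}

/* Vulnerable parser: trusts `count` from the file and never compares the bytes
 * it needs with `len`, so a large count walks off the end of the buffer.
 * Returns bytes consumed; *sum_out gets a checksum of every byte it read,
 * which for a crafted count includes neighbouring memory. */
static long parse_vulnerable(const uint8_t *buf, size_t len, uint32_t *sum_out) {
    if (len < 4)
        return -1;
    uint32_t count = read_u32_le(buf);
    size_t need = 4 + (size_t)count * VERTEX_SIZE;   /* never checked against len */
    uint32_t sum = 0;
    for (size_t i = 4; i < need; i++)
        sum += buf[i];                               /* out-of-bounds once need > len */
    *sum_out = sum;
    return (long)need;
}

/* Hardened parser: validates the count before touching any vertex data.  The
 * comparison is arranged so count * VERTEX_SIZE cannot overflow first. */
static long parse_hardened(const uint8_t *buf, size_t len, uint32_t *sum_out) {
    if (len < 4)
        return -1;
    uint32_t count = read_u32_le(buf);
    if (count > (len - 4) / VERTEX_SIZE)            /* overflow-safe bounds check */
        return -1;
    size_t need = 4 + (size_t)count * VERTEX_SIZE;
    uint32_t sum = 0;
    for (size_t i = 4; i < need; i++)
        sum += buf[i];
    *sum_out = sum;
    return (long)need;
}

int main(void) {
    uint32_t sum = 0;
    build_sample(8);   /* claims 8 vertices = 96 bytes, only 12 are present */
    long used = parse_vulnerable(heap, FILE_LEN, &sum);
    printf("vulnerable: consumed %ld of %d bytes, checksum %u (includes 'A' bytes)\n",
           used, FILE_LEN, sum);
    printf("hardened:   result %ld (rejected)\n", parse_hardened(heap, FILE_LEN, &sum));
    build_sample(1);   /* well-formed: 1 vertex, exactly 16 bytes */
    used = parse_hardened(heap, FILE_LEN, &sum);
    printf("hardened on valid input: consumed %ld bytes, checksum %u\n", used, sum);
    return 0;
}
```

The checksum makes the leak visible: the vulnerable parser's result depends on the 'A' bytes beyond the file, which is exactly the memory-disclosure outcome an over-read gives an attacker. The hardened check compares `count` against `(len - 4) / VERTEX_SIZE` rather than computing `count * VERTEX_SIZE` first, because on a 32-bit build a count near 0xFFFFFFFF would wrap the product and pass a naive `4 + count * 12 <= len` test.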
Affected Systems and Versions
- Foxit PDF Reader versions prior to 2025.2.0.33046 are affected.
- The vulnerability impacts all configurations capable of parsing PRC files within PDF documents.
- The issue was fixed in version 2025.2.0.33046, released August 13, 2025.
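Because exposure hinges on PRC content actually being present, a useful triage step while the patch rolls out is to find which PDFs in a mail queue or file share would exercise the PRC parser at all. The scanner below is an added example, not part of the advisory or of Foxit's tooling; the sample PDF fragments (`SAMPLE_PRC`, `SAMPLE_U3D`, `SAMPLE_PLAIN`) are constructed and omit the cross-reference table a real file has. It looks for the name pairs a 3D annotation (`/Subtype /3D`) and a PRC 3D stream (`/Subtype /PRC`) carry, following the PDF tokenisation rules for whitespace and delimiters so that `/Subtype/PRC` matches and `/PRCX` does not.

```c
/*
 * Added triage helper (not the advisory's or Foxit's code): a byte scanner that
 * reports whether a PDF carries a 3D annotation and a PRC 3D stream, i.e.
 * whether opening it would reach the PRC parser at all.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* PDF white-space and delimiter characters (ISO 32000-1, 7.2.2). */
static int pdf_is_space(uint8_t c) {
    return c == 0x00 || c == 0x09 || c == 0x0a || c == 0x0c || c == 0x0d || c == 0x20;
}

static int pdf_is_delim(uint8_t c) {
    switch (c) {
    case '(': case ')': case '<': case '>': case '[': case ']':
    case '{': case '}': case '/': case '%':
        return 1;
    default:
        return 0;
    }
}

/* Count occurrences of "<key> <optional whitespace> <val>" where both are complete
 * name tokens: "/Subtype /PRC", "/Subtype/PRC" and "/Subtype\n/PRC" all match. */
static int count_name_pair(const uint8_t *d, size_t n, const char *key, const char *val) {
    size_t klen = strlen(key), vlen = strlen(val);
    int hits = 0;
    for (size_t i = 0; i + klen <= n; i++) {
        if (memcmp(d + i, key, klen) != 0)
            continue;
        size_t j = i + klen;
        if (j < n && !pdf_is_space(d[j]) && !pdf_is_delim(d[j]))
            continue;                                 /* "/SubtypeFoo" is another name */
        while (j < n && pdf_is_space(d[j]))
            j++;
        if (j + vlen > n || memcmp(d + j, val, vlen) != 0)
            continue;
        size_t k = j + vlen;
        if (k < n && !pdf_is_space(d[k]) && !pdf_is_delim(d[k]))
            continue;                                 /* "/PRCX" is not "/PRC" */
        hits++;
    }
    return hits;
}

/* Returns 1 if the buffer contains at least one PRC 3D stream dictionary. */
static int pdf_has_prc(const uint8_t *d, size_t n) {
    return count_name_pair(d, n, "/Subtype", "/PRC") > 0;
}

/* Constructed sample fragments (not real files): the dictionaries a 3D annotation
 * and its 3D stream carry, without the xref table a real PDF would have. */
static const char SAMPLE_PRC[] =
    "%PDF-1.7\n"
    "4 0 obj\n<< /Type /Annot /Subtype /3D /Rect [0 0 200 200] /3DD 5 0 R >>\nendobj\n"
    "5 0 obj\n<< /Type /3D /Subtype/PRC /Length 3 >>\nstream\nPRC\nendstream\nendobj\n";
static const char SAMPLE_U3D[] =
    "%PDF-1.7\n"
    "4 0 obj\n<< /Type /Annot /Subtype /3D /3DD 5 0 R >>\nendobj\n"
    "5 0 obj\n<< /Type /3D /Subtype /U3D /Length 3 >>\nstream\nU3D\nendstream\nendobj\n";
static const char SAMPLE_PLAIN[] =
    "%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n";

static void report(const char *name, const uint8_t *d, size_t n) {
    printf("%s: %d 3D annotation(s), %d PRC stream(s) -> %s\n", name,
           count_name_pair(d, n, "/Subtype", "/3D"),
           count_name_pair(d, n, "/Subtype", "/PRC"),
           pdf_has_prc(d, n) ? "exercises the PRC parser" : "no PRC content in the clear");
}

int main(int argc, char **argv) {
    if (argc > 1) {                     /* scan a real file named on the command line */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        fseek(f, 0, SEEK_END);
        long sz = ftell(f);
        rewind(f);
        if (sz < 0) { fclose(f); return 1; }
        uint8_t *buf = malloc((size_t)sz + 1);
        size_t got = buf ? fread(buf, 1, (size_t)sz, f) : 0;
        fclose(f);
        if (buf) report(argv[1], buf, got);
        free(buf);
        return 0;
    }
    report("SAMPLE_PRC", (const uint8_t *)SAMPLE_PRC, sizeof SAMPLE_PRC - 1);
    report("SAMPLE_U3D", (const uint8_t *)SAMPLE_U3D, sizeof SAMPLE_U3D - 1);
    report("SAMPLE_PLAIN", (const uint8_t *)SAMPLE_PLAIN, sizeof SAMPLE_PLAIN - 1);
    return 0;
}
```

Two caveats on reading a negative result. A stream object's dictionary is always written in the clear, so the `/Subtype /PRC` marker on the 3D stream itself cannot be hidden inside a compressed object stream, but the annotation dictionary can be (PDF 1.5 object streams), and any name may be spelled with `#xx` hex escapes (`/Subt#79pe`), which defeats a literal byte match. Treat a hit as "this file will reach the PRC parser" and a miss as "nothing visible without decoding"; a full PDF parser that decompresses object streams and normalises names is the authoritative check.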
Vendor Security History
Foxit Software has previously addressed similar memory corruption and code execution vulnerabilities:
- CVE-2020-14425: JavaScript-based RCE in Foxit Reader
- CVE-2024-28888: Use-after-free in Foxit Reader
- Past issues with outdated V8 JavaScript engine components
Foxit typically coordinates with security researchers and issues timely patches. The company maintains a public security bulletin page and responds to disclosures through established channels.
References
- Zero Day Initiative Advisory ZDI-25-864
- Foxit Security Bulletins
- Foxit PDF Reader Version History
- CVE-2025-9328 on Feedly
- ManageEngine Vulnerability Database
- PRC File Format on Wikipedia
- CVE-2025-32451 Foxit Reader Memory Corruption
- CVE-2025-9328 official entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9328