exploitDog

CVE-2025-13941

Опубликовано: 19 дек. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.

Ссылки

https://www.foxit.com/support/security-bulletins.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*

Версия до 13.2.1.23955 (включая)

cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*

Версия от 14.0.0.33046 (включая) до 14.0.1.33197 (включая)

cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*

Версия от 2023.1.0.15510 (включая) до 2023.3.0.23028 (включая)

cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*

Версия от 2024.1.0.23997 (включая) до 2024.4.1.27687 (включая)

cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*

Версия от 2025.1.0.27937 (включая) до 2025.2.1.33197 (включая)

cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*

Версия до 2025.2.1.33197 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00014

Низкий

8.8 High

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-rhhc-xvm8-7w83

CVSS3: 8.8

github

около 2 месяцев назад

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.

EPSS

Процентиль: 2%

0.00014

Низкий

8.8 High

CVSS3

Дефекты

CWE-732