vulnerability
Foxit Foxit Reader: CVE-2020-14425: Vulnerability in Foxit Foxit Reader
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Nov 2, 2020 | Nov 20, 2020 | May 4, 2026 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Nov 2, 2020
Added
Nov 20, 2020
Modified
May 4, 2026
Description
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog.
Solution
foxit_reader-update-latest
References
- CVE-2020-14425
- https://attackerkb.com/topics/CVE-2020-14425
- http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html
- https://www.exploit-db.com/exploits/48982
- https://www.foxitsoftware.com/support/security-bulletins.php
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-6564
- EUVD-EUVD-2020-6564
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.