vulnerability

Foxit Reader: Improper Verification of Cryptographic Signature (CVE-2025-55311)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:C/A:N)

Published

Apr 7, 2026

Added

Apr 7, 2026

Modified

Apr 7, 2026

Description

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification by hiding document modifications, allowing an attacker to mislead users about the document's integrity and compromise the trustworthiness of signed PDFs.

Solution

foxit-reader-upgrade-latest

References

CVE-2025-55311
https://attackerkb.com/topics/CVE-2025-55311
CWE-347
EUVD-EUVD-2025-202702
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-202702
https://www.foxit.com/support/security-bulletins.html

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report