CVE-2025-13941 HIGH

CVE-2025-13941: Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability

Vendor: Foxit Software Inc.
Product: Foxit PDF Reader
Weakness: CWE-732
Published: December 19, 2025
Last update: December 19, 2025

CVSS base score

8.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.

Key dates

02 Disclosure timeline

December 19, 2025: CVE published
December 19, 2025: Record updated