Wiz
Vulnerability DatabaseCVE-2021-45980

CVE-2021-45980
Foxit PDF Reader vulnerability analysis and mitigation

Overview

Foxit PDF Reader and PDF Editor before version 11.1 on macOS contain a security vulnerability (CVE-2021-45980) that allows remote attackers to execute arbitrary code via getURL in the JavaScript API (NVD). The vulnerability was disclosed and a fix was released with version 11.1.0.52543 (ManageEngine).

Technical details

The vulnerability has a CVSS v3.1 Base Score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and CVSS v2.0 Base Score of 6.8 MEDIUM (Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P). The vulnerability exists in the JavaScript API's getURL functionality, which could be exploited through malicious PDF documents (NVD).

Impact

If successfully exploited, this vulnerability allows attackers to execute arbitrary code on the target system when a user opens a specially crafted PDF document. The high CVSS score indicates severe potential impacts on confidentiality, integrity, and availability of the affected system (NVD).

Mitigation and workarounds

Users should update to Foxit PDF Reader and PDF Editor version 11.1.0.52543 or later to address this vulnerability. The fix is available through the standard software update mechanisms (ManageEngine, Foxit Security).

Additional resources

SourceThis report was generated using AI

Related Foxit PDF Reader vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-9330HIGH7.8
  • Foxit PDF ReaderFoxit PDF Reader
  • cpe:2.3:a:foxit:pdf_reader
NoNoSep 02, 2025
CVE-2025-9329HIGH7.8
  • Foxit PDF ReaderFoxit PDF Reader
  • cpe:2.3:a:foxit:pdf_reader
NoYesSep 02, 2025
CVE-2025-9328HIGH7.8
  • Foxit PDF ReaderFoxit PDF Reader
  • cpe:2.3:a:foxit:pdf_reader
NoYesSep 02, 2025
CVE-2025-9326HIGH7.8
  • Foxit PDF ReaderFoxit PDF Reader
  • cpe:2.3:a:foxit:pdf_reader
NoYesSep 02, 2025
CVE-2025-9327MEDIUM5.5
  • Foxit PDF ReaderFoxit PDF Reader
  • cpe:2.3:a:foxit:pdf_reader
NoYesSep 02, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo