CVE-2022-24955: 
Foxit PDF Reader vulnerability analysis and mitigation

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 were discovered to have an Uncontrolled Search Path Element vulnerability for DLL files. The vulnerability was disclosed on February 10, 2022, and was assigned identifier CVE-2022-24955. This security flaw affects multiple versions of both Foxit PDF Reader and Foxit PDF Editor on Windows platforms (NVD, CVE).

The vulnerability is classified as a CWE-427 (Uncontrolled Search Path Element) issue. According to the National Vulnerability Database, it received a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The CVSS v2.0 Base Score is 7.5 (HIGH) with the vector (AV:N/AC:L/Au:N/C:P/I:P/A:P) (NVD).

The vulnerability's critical CVSS score of 9.8 indicates severe potential impacts. With successful exploitation, an attacker could potentially gain complete control over the affected system, leading to unauthorized access, data compromise, and system manipulation (NVD).

Users are advised to update their software to Foxit PDF Reader version 11.2.1 or later, and Foxit PDF Editor version 11.2.1 or later. These updated versions contain fixes for the vulnerability (Foxit Security).