CVE-2025-9326: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2025-9326 is an Out-Of-Bounds Read vulnerability affecting Foxit PDF Reader's PRC file parsing functionality, discovered and disclosed on September 2, 2025. The vulnerability impacts installations of Foxit PDF Reader versions 2025.1.0.27937 and earlier on Windows platforms (NVD, Foxit Security Bulletin).

The vulnerability exists within the parsing of PRC files and stems from improper validation of user-supplied data, which can result in a read operation past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.0 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access requirements with user interaction needed for exploitation (Zero Day Initiative).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The attack requires user interaction, specifically that the target must visit a malicious page or open a malicious file (Zero Day Initiative).

Foxit has released security updates to address this vulnerability in version 2025.2 of Foxit PDF Reader. Users are advised to update their installations to the latest version either through the application's built-in update feature (Help > About Foxit PDF Reader > Check for Update) or by downloading the latest version from the Foxit website (Foxit Security Bulletin).