CVE-2025-9327: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2025-9327 is an Out-of-bounds Read vulnerability discovered in Foxit PDF Reader that affects PRC file parsing functionality. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was disclosed on August 21, 2025. This vulnerability affects Foxit PDF Reader version 2025.1.0.27937 and earlier, as well as Foxit PDF Editor version 2025.1.0.27937 and earlier versions (Foxit Security, ZDI Advisory).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) issue that occurs when parsing PRC files. The specific flaw exists within the parsing of PRC files where the application reads data beyond the boundaries of an allocated buffer without proper validation. The vulnerability has been assigned a CVSS 3.0 base score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a low severity level (Foxit Security, ZDI Advisory).

The vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file (ZDI Advisory).

Foxit has released version 2025.2 to address this vulnerability. Users are advised to update their applications to the latest version either through the application's built-in update feature (Help > About Foxit PDF Reader/Editor > Check for Update) or by downloading the latest version from the Foxit website (Foxit Security).