CVE-2025-9328: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2025-9328 is a critical security vulnerability discovered in Foxit PDF Reader affecting versions 2025.1.0.27937 and earlier. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was disclosed on August 21, 2025. This out-of-bounds read vulnerability exists within the parsing of PRC files in Foxit PDF Reader (Foxit Security, ZDI Advisory).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) vulnerability that occurs when parsing PRC files. The issue stems from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS 3.0 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (Foxit Security, ZDI Advisory).

The vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. An attacker can leverage this vulnerability to execute code in the context of the current process (ZDI Advisory).

Foxit has released version 2025.2 of Foxit PDF Reader to address this vulnerability. Users are advised to update their applications to the latest version either through the application's built-in update feature (Help > About Foxit PDF Reader > Check for Update) or by downloading the latest version from the Foxit website (Foxit Security).