CVE-2025-9329: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2025-9329 is an Out-of-bounds Read vulnerability affecting Foxit PDF Reader and Foxit PDF Editor. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was disclosed on August 21, 2025. The affected software versions include Foxit PDF Reader 2025.1.0.27937 and earlier, as well as various versions of Foxit PDF Editor for both Windows and macOS platforms (Foxit Bulletin).

The vulnerability exists within the parsing of PRC files and results from the lack of proper validation of user-supplied data, which can lead to a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS 3.0 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability. User interaction is required for exploitation, as the target must visit a malicious page or open a malicious file (ZDI Advisory).

Foxit has released security updates to address this vulnerability. Users are advised to update to Foxit PDF Reader 2025.2 or Foxit PDF Editor 2025.2. The update can be installed either through the application's built-in update feature (Help > About > Check for Update) or by downloading the latest version from the Foxit website (Foxit Bulletin).