CVE-2025-9329: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2025-9329 is an Out-of-Bounds Read vulnerability affecting Foxit PDF Reader and Foxit PDF Editor. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was disclosed on August 21, 2025. The issue affects Foxit PDF Reader version 2025.1.0.27937 and earlier, as well as Foxit PDF Editor versions 2025.1.0.27937 and earlier on Windows and macOS platforms (Foxit Security).

The vulnerability exists within the parsing of PRC files and occurs when the application reads data beyond the boundaries of an allocated buffer without proper validation. The vulnerability has been assigned a CVSS v3.0 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory, Foxit Security).

If successfully exploited, this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. The vulnerability requires user interaction, specifically opening a malicious file, to be exploited. The successful exploitation could lead to code execution in the context of the current process (ZDI Advisory).

Foxit has released security updates to address this vulnerability. Users are advised to update to Foxit PDF Reader 2025.2 or Foxit PDF Editor 2025.2. The update can be installed either through the application's built-in update feature (Help > About > Check for Update) or by downloading the latest version from the Foxit website (Foxit Security).