CVE-2025-9330: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2025-9330 is an Uncontrolled Search Path Element Local Privilege Escalation vulnerability affecting Foxit PDF Reader version 2025.1.0.27937 and earlier. The vulnerability was discovered by Alexander Staalgaard and disclosed on August 21, 2025. This security flaw exists within the Foxit Reader Update Service, where the product loads a library from an unsecured location (ZDI Advisory, Foxit Security Bulletin).

The vulnerability is classified as a DLL Hijacking (CWE-427) issue with a CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The specific flaw occurs when the application does not specify an absolute path when searching for the DLL library, allowing the product to load a library from an unsecured location (Foxit Security Bulletin).

An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. The successful exploitation requires the attacker to first obtain the ability to execute low-privileged code on the target system (ZDI Advisory).

Foxit has released an update to address this vulnerability. Users are advised to update to the latest version of Foxit PDF Reader. The update can be installed by clicking on 'Help' > 'About Foxit PDF Reader' > 'Check for Update' or by downloading the latest version from the Foxit website (Foxit Security Bulletin).