CVE-2025-9330: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2025-9330 is an Uncontrolled Search Path Element Local Privilege Escalation vulnerability affecting Foxit PDF Reader version 2025.1.0.27937 and earlier. The vulnerability was discovered by Alexander Staalgaard and disclosed on August 21, 2025. The specific flaw exists within the Foxit Reader Update Service, where the product loads a library from an unsecured location (ZDI Advisory, Foxit Security Bulletin).

The vulnerability has been assigned a CVSS v3.0 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The technical issue stems from the application not specifying an absolute path when searching for DLL libraries, which creates a DLL hijacking condition (CWE-427). An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to escalate privileges and execute code in the context of SYSTEM. This means an attacker could potentially gain elevated system privileges and execute arbitrary code with SYSTEM-level access (ZDI Advisory, Foxit Security Bulletin).

Foxit has released an update to address this vulnerability. Users are advised to update their applications to the latest version. This can be done by either clicking on "Help" > "About Foxit PDF Reader" > "Check for Update" within the application, or by downloading the latest version directly from the Foxit website (Foxit Security Bulletin).