Foxit Reader Vulnerability PoC - 20250120001¶
Overview¶
The WA SOC has been made aware of a proof-of-concept (PoC) exploit for a vulnerability in Foxit PDF Reader and PDF Editor products. Successful exploitation by a threat actor could lead to sending NTLM credentials to a public server.
Security updates have been released by the vendor to address the vulnerability, however there is no known CVE assigned at the time of publishing.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Foxit PDF Reader | 2024.3.0.26795 and earlier | TBD | TBD | TBD |
| Foxit PDF Editor | - 2024.x \<= 2024.3.0.26795 - 2023.x \<= 2023.3.0.23028 - 13.x \<= 13.1.4.23147 - 12.x \<= 12.1.8.15703 - 11.2.11.54113 and earlier |
TBD | TBD | TBD |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):