CVE-2025-13941 · HIGH 8.8 · EPSS p5.9%

Description

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.16% probability of exploitation · percentile 5.9% · 2026-06-18T12:00:27Z
Published: 2025-12-19
Last modified: 2025-12-23

Underlying weaknesses · 1

CWE-732

References

  1. https://www.foxit.com/support/security-bulletins.html

Type: Weakness · Target: Incorrect Permission Assignment for Critical Resource (cwe-732) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-32451
  2. CVE: CVE-2026-47911
  3. CVE: CVE-2025-0904
  4. CVE: CVE-2025-0901
  5. CVE: Adobe Acrobat and Reader Use-After-Free Vulnerability
  6. CVE: CVE-2026-47937

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.