Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2025-13941 | Mondoo Vulnerability Intelligence

CVE-2025-13941

HIGH8.8

Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability

Published Dec 19, 2025

Modified 4 weeks ago

No fix available

Details

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.

References

ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-13941 WEBhttps://www.foxit.com/support/security-bulletins.html

CVSS Analysis

CVSS v3.1

8.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

Configuration

Incorrect Permission Assignment

Ecosystems

Timeline

PublishedDec 19, 2025

ModifiedDec 19, 2025