CVE-2024-30325 is a use-after-free vulnerability classified under CWE-416 affecting Foxit PDF Reader version 2023.2.0.21408. The vulnerability exists in the handling of Doc objects within AcroForms, a feature used for interactive PDF forms. The root cause is the failure to verify the existence of an object before performing operations on it, which leads to a use-after-free condition. This memory corruption flaw can be exploited remotely by an attacker who convinces a user to open a specially crafted malicious PDF file or visit a malicious webpage containing such a file. Upon exploitation, the attacker can execute arbitrary code with the privileges of the user running Foxit PDF Reader. The CVSS v3.0 base score is 7.8, indicating high severity, with attack vector local (requiring user interaction), low attack complexity, no privileges required, and impacts on confidentiality, integrity, and availability. No patches or exploits are currently publicly available, but the vulnerability was reported by ZDI (ZDI-CAN-22592). This vulnerability poses a significant risk due to the widespread use of Foxit PDF Reader in enterprise and consumer environments, especially where PDF forms are common.

If exploited, this vulnerability allows remote attackers to execute arbitrary code within the context of the Foxit PDF Reader process, potentially leading to full system compromise depending on user privileges. This can result in unauthorized access to sensitive information, data manipulation, installation of malware, or disruption of services. Organizations relying on Foxit PDF Reader for document handling, especially those processing sensitive or critical information, face risks of data breaches and operational impact. The requirement for user interaction limits mass exploitation but targeted attacks against high-value individuals or organizations remain a concern. The vulnerability affects confidentiality, integrity, and availability, making it a critical risk for sectors such as finance, government, healthcare, and legal industries where PDF documents are prevalent.

Organizations should monitor Foxit's official channels for patches addressing CVE-2024-30325 and apply updates promptly once released. Until a patch is available, implement the following mitigations: restrict or disable the use of AcroForms in Foxit PDF Reader via configuration settings if possible; employ application whitelisting to prevent execution of unauthorized code; use endpoint detection and response (EDR) tools to monitor for suspicious process behavior related to Foxit Reader; educate users to avoid opening PDFs from untrusted or unknown sources; consider sandboxing PDF reader applications to limit impact of potential exploits; and enforce the principle of least privilege by running Foxit PDF Reader with minimal user rights. Network-level controls such as blocking access to malicious sites hosting exploit PDFs can also reduce risk.