CVE-2025-66497: CWE-125 Out-of-bounds Read in Foxit Software Inc. Foxit PDF Reader
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
AI Analysis
Technical Summary
CVE-2025-66497 is a vulnerability classified under CWE-125 (Out-of-bounds Read) affecting Foxit PDF Reader, a widely used PDF viewing application. The flaw lies in the 3D annotation handling component, specifically in the parsing of PRC (Product Representation Compact) data embedded in PDF files. Because bounds are insufficiently checked, a specially crafted PDF containing malformed PRC content can trigger out-of-bounds memory access, resulting in memory corruption. This can lead to information disclosure, application crashes, or other undefined behavior, compromising the confidentiality, integrity, and availability of the affected system. The vulnerability affects multiple versions of Foxit PDF Reader: 13.2.1 and earlier, 14.0.1 and earlier, and 2025.2.1 and earlier. The CVSS v3.1 base score is 5.3 (medium severity): the attack vector is local (the attacker must deliver a malicious PDF file and the victim must open it), attack complexity is low, no privileges are required, but user interaction is required. No patches or exploit code are currently publicly available, and no exploitation in the wild has been observed. The vulnerability was publicly disclosed on December 19, 2025. The flaw could be leveraged to execute arbitrary code or cause denial of service if combined with other vulnerabilities or techniques; direct remote exploitation without user interaction is not feasible.
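The defect class named above (CWE-125 from a length field that is trusted without comparing it against the bytes actually remaining) is easiest to see in a small parser. The following is an added illustration, not Foxit's code and not the real PRC layout, which this page does not describe: it parses a constructed tag/length/payload stream and shows the single check whose absence lets a malformed length field drive a read past the end of the buffer. The stream format, function names and sample bytes are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a binary 3D-data stream (NOT the PRC format):
 * a sequence of chunks, each [u8 tag][u32 little-endian len][len payload bytes]. */

typedef struct {
    const uint8_t *data;
    size_t len;   /* total bytes available */
    size_t pos;   /* current read offset, always <= len */
} reader_t;

/* Every primitive read checks the remaining bytes before touching memory. */
static int read_u8(reader_t *r, uint8_t *out) {
    if (r->len - r->pos < 1) return 0;
    *out = r->data[r->pos++];
    return 1;
}

static int read_u32le(reader_t *r, uint32_t *out) {
    if (r->len - r->pos < 4) return 0;
    const uint8_t *p = r->data + r->pos;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    r->pos += 4;
    return 1;
}

/* Parses all chunks; returns the chunk count, or -1 on a malformed stream.
 * payload_sum receives the byte sum of all payloads (a stand-in for "use the data"). */
int parse_chunks(const uint8_t *buf, size_t buflen, uint32_t *payload_sum) {
    reader_t r = { buf, buflen, 0 };
    int count = 0;
    *payload_sum = 0;

    while (r.pos < r.len) {
        uint8_t tag;
        uint32_t len;
        if (!read_u8(&r, &tag) || !read_u32le(&r, &len)) return -1; /* truncated header */

        /* The CWE-125 pattern: a parser that trusts `len` from the file and loops over
         * buf[r.pos .. r.pos+len) without this comparison reads past the end of the
         * buffer. Comparing against the remaining length (rather than r.pos + len > r.len)
         * also avoids an integer overflow in the check itself. */
        if (len > r.len - r.pos) return -1; /* declared length exceeds remaining bytes */

        for (uint32_t i = 0; i < len; i++) *payload_sum += r.data[r.pos + i];
        r.pos += len;
        count++;
    }
    return count;
}

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t WELLFORMED[] = {
    0x01, 0x03, 0x00, 0x00, 0x00, 0x0A, 0x14, 0x1E,   /* tag 1, len 3, payload 10 20 30 */
    0x02, 0x02, 0x00, 0x00, 0x00, 0x05, 0x05          /* tag 2, len 2, payload 5 5    */
};
static const uint8_t OVERSIZED[] = { 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0x0A }; /* claims ~4 GiB, has 1 byte */
static const uint8_t TRUNCATED[] = { 0x01, 0x03, 0x00 };                   /* header cut short */

int demo_wellformed_count(void) { uint32_t s; return parse_chunks(WELLFORMED, sizeof WELLFORMED, &s); }
uint32_t demo_wellformed_sum(void) { uint32_t s; parse_chunks(WELLFORMED, sizeof WELLFORMED, &s); return s; }
int demo_oversized_len(void) { uint32_t s; return parse_chunks(OVERSIZED, sizeof OVERSIZED, &s); }
int demo_truncated_header(void) { uint32_t s; return parse_chunks(TRUNCATED, sizeof TRUNCATED, &s); }

int main(void) {
    printf("well-formed: %d chunks, payload sum %u\n", demo_wellformed_count(), demo_wellformed_sum());
    printf("oversized length field: %d\n", demo_oversized_len());
    printf("truncated header: %d\n", demo_truncated_header());
    return 0;
}
```

The same shape of check applies to any file-supplied count or offset: validate it against the bytes that are actually present before indexing, and fail the parse rather than clamping silently, so that a malformed 3D stream is rejected instead of being partially interpreted.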
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily through targeted phishing or social engineering attacks where malicious PDFs are delivered via email or other file-sharing methods. Successful exploitation could lead to memory corruption causing application crashes, potential data leakage, or escalation when chained with other vulnerabilities. Organizations handling sensitive documents or intellectual property in PDF format are at risk of confidentiality breaches. The impact on availability could disrupt business operations if critical users’ PDF readers crash or become unstable. Given the widespread use of Foxit PDF Reader in various sectors including government, finance, and legal services across Europe, the vulnerability could be exploited to compromise endpoints or gain footholds in networks. However, the requirement for user interaction and local attack vector limits large-scale automated exploitation. The absence of known exploits reduces immediate threat but does not eliminate future risk, especially as attackers often develop exploits post-disclosure.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Monitor Foxit Software’s advisories closely and apply security patches promptly once released to address this vulnerability.
2) Enforce strict email and file attachment filtering to block or quarantine suspicious PDFs, especially those containing 3D annotations or PRC data.
3) Educate users about the risks of opening unsolicited or unexpected PDF files and encourage verification of file sources.
4) Configure endpoint protection solutions to detect anomalous behavior or crashes related to Foxit PDF Reader.
5) Consider disabling or restricting 3D annotation features in Foxit PDF Reader via configuration or group policy if feasible.
6) Employ application whitelisting and sandboxing techniques to limit the impact of potential exploitation.
7) Maintain up-to-date backups and incident response plans to quickly recover from any compromise or disruption caused by exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: Foxit
- Date Reserved: 2025-12-03T01:33:55.298Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6944fb8919341fe1888ac960
Added to database: 12/19/2025, 7:15:21 AM
Last enriched: 12/19/2025, 7:32:48 AM
Last updated: 12/19/2025, 8:16:31 AM
Related Threats
- CVE-2025-66501: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Foxit Software Inc. pdfonline.foxit.com (Medium)
- CVE-2025-66500: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Foxit Software Inc. webplugins.foxit.com (Medium)
- CVE-2025-66499: CWE-190 Integer Overflow or Wraparound in Foxit Software Inc. Foxit PDF Reader (High)
- CVE-2025-66498: CWE-125 Out-of-bounds Read in Foxit Software Inc. Foxit PDF Reader (Medium)
- CVE-2025-66496: CWE-125 Out-of-bounds Read in Foxit Software Inc. Foxit PDF Reader (Medium)