CVE-2025-66502 is a stored cross-site scripting (XSS) vulnerability identified in Foxit Software Inc.'s online PDF service, pdfonline.foxit.com. The flaw resides in the Page Templates feature, where the template name input is not properly sanitized before being rendered into the Document Object Model (DOM). An attacker with low privileges can craft a malicious payload and store it as a template name. When a user loads a PDF that uses this template, the injected script executes in the context of the victim's browser. This can lead to the theft of sensitive information such as authentication tokens, cookies, or other confidential data, as well as potential session hijacking or further exploitation of the victim's environment. The vulnerability requires user interaction (loading the affected PDF) and low privileges to create or modify templates, but no elevated privileges or authentication bypass. The CVSS v3.1 score is 6.3, reflecting medium severity with high confidentiality impact, low integrity impact, and no availability impact. The vulnerability affects all versions of pdfonline.foxit.com prior to December 1, 2025. No public exploits have been reported yet, but the nature of stored XSS makes it a persistent threat once exploited. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation.

For European organizations, this vulnerability poses a significant risk to confidentiality, especially for entities that rely on pdfonline.foxit.com for document generation and sharing. Sensitive corporate, legal, or governmental documents processed through this service could be targeted to inject malicious scripts, leading to data leakage or session hijacking. The stored nature of the XSS means that once a malicious template is created, it can affect multiple users repeatedly, increasing the attack surface. This could undermine trust in document integrity and confidentiality, potentially leading to regulatory compliance issues under GDPR if personal data is compromised. The medium severity rating suggests that while the vulnerability is not critical, it is exploitable with relative ease and can have serious consequences if leveraged in targeted attacks. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers often weaponize such vulnerabilities rapidly after disclosure.

European organizations should take a proactive approach to mitigate this vulnerability. First, monitor Foxit Software Inc. announcements and apply security patches or updates as soon as they become available to address CVE-2025-66502. Until patches are released, restrict access to the Page Templates feature to trusted users only, minimizing the risk of malicious template creation. Implement strict input validation and sanitization on any user-supplied data related to templates, if possible through configuration or additional security controls. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within browsers accessing pdfonline.foxit.com resources. Educate users to be cautious when opening PDFs from untrusted sources or templates. Additionally, consider isolating or sandboxing PDF viewing environments to reduce the impact of potential script execution. Regularly audit templates and document generation workflows for suspicious entries. Finally, integrate monitoring and alerting for unusual activities related to template creation or PDF access within organizational security operations.