CVE-2025-66502 is a stored cross-site scripting (XSS) vulnerability identified in Foxit Software Inc.'s pdfonline.foxit.com platform, specifically within its Page Templates feature. The vulnerability arises because the application fails to properly sanitize user input when storing template names. An attacker with low privileges can inject a malicious script payload into the template name field, which is then persistently stored and rendered into the Document Object Model (DOM) each time the affected PDF is loaded. This persistent XSS flaw allows the injected script to execute in the context of the victim's browser, potentially leading to theft of sensitive information such as authentication tokens, session cookies, or other confidential data. The vulnerability requires the attacker to have some level of authenticated access (PR:L) and user interaction (UI:R) to trigger the exploit, but no complex attack conditions or high privileges are necessary. The CVSS v3.1 base score is 6.3, reflecting a medium severity level with high confidentiality impact, low integrity impact, and no availability impact. No known exploits are currently reported in the wild, but the vulnerability's presence in a widely used online PDF service poses a significant risk. The lack of proper input validation and output encoding in the template name field is the root cause, highlighting the importance of secure coding practices in web applications that handle user-generated content. Organizations relying on pdfonline.foxit.com for document processing and sharing should be aware of this vulnerability and prepare to apply patches or mitigations promptly once available.

For European organizations, this vulnerability could lead to significant confidentiality breaches, especially in environments where sensitive documents are processed or shared via pdfonline.foxit.com. Attackers exploiting this XSS flaw could hijack user sessions, steal authentication credentials, or perform actions on behalf of legitimate users, potentially leading to unauthorized data access or disclosure. The integrity impact is limited but could allow attackers to manipulate client-side content or inject misleading information. Availability is not affected by this vulnerability. Given the widespread use of Foxit's PDF tools in business, legal, and governmental sectors across Europe, the risk of targeted attacks exploiting this flaw is notable. Organizations handling sensitive or regulated data (e.g., GDPR-protected personal data) face compliance risks if such an exploit leads to data leakage. The requirement for low privileges and user interaction means that phishing or social engineering could be used to trigger the exploit, increasing the attack surface. Overall, the vulnerability poses a medium risk but with potentially serious consequences for confidentiality and trust in document workflows.

1. Apply official patches or updates from Foxit Software Inc. as soon as they become available to address the vulnerability. 2. Until patches are released, restrict access to the Page Templates feature to trusted users only, minimizing the risk of malicious template creation. 3. Implement strict input validation and output encoding on the server side for all user-supplied data, especially template names, to prevent injection of executable scripts. 4. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers accessing pdfonline.foxit.com. 5. Monitor logs and user activities for unusual template creation or modification patterns that could indicate exploitation attempts. 6. Educate users about the risks of interacting with suspicious PDFs and the importance of verifying document sources. 7. Consider isolating the pdfonline service usage within secure network segments and enforcing multi-factor authentication to reduce the risk of compromised accounts. 8. Regularly review and audit permissions related to template management to ensure least privilege principles are enforced.