CVE-2025-66522 is a stored cross-site scripting (XSS) vulnerability identified in the Digital IDs functionality of Foxit Software Inc.'s pdfonline.foxit.com, specifically within the Foxit PDF Editor Cloud product. The vulnerability stems from improper neutralization of input (CWE-79) in the Common Name field of Digital IDs, where user-supplied content is inserted into the Document Object Model (DOM) without adequate sanitization or encoding. This flaw allows an attacker to embed malicious HTML or JavaScript code that executes whenever the Digital IDs dialog is accessed or when the affected PDF document is loaded. The vulnerability requires the attacker to have low privileges (PR:L) and user interaction (UI:R), such as opening a malicious PDF or accessing the Digital IDs dialog. The CVSS 3.1 base score is 6.3 (medium severity), reflecting a network attack vector (AV:N), low attack complexity (AC:L), partial confidentiality impact (C:H), low integrity impact (I:L), and no availability impact (A:N). Although no known exploits are currently reported in the wild, the stored nature of the XSS means that malicious code can persist and affect multiple users. This vulnerability could be leveraged to steal sensitive information such as authentication tokens or session cookies, perform actions on behalf of the user, or conduct phishing attacks within the context of the vulnerable web application. The affected versions include all releases before December 1, 2025, and no official patches or mitigation links have been published yet. The flaw highlights the importance of proper input validation and output encoding in web applications handling user-generated content.

For European organizations, the impact of CVE-2025-66522 could be significant, especially for those relying on Foxit PDF Editor Cloud for document management and digital signature workflows. Successful exploitation can lead to the theft of sensitive information, including authentication credentials or session tokens, potentially enabling unauthorized access to corporate resources. The stored XSS could also facilitate phishing or social engineering attacks by injecting malicious scripts that alter the user interface or redirect users to fraudulent sites. While availability is not impacted, the confidentiality breach risks are considerable, particularly in regulated sectors such as finance, healthcare, and government where document integrity and confidentiality are paramount. Additionally, the vulnerability could undermine trust in digital signature processes, affecting compliance with European data protection regulations like GDPR. The requirement for user interaction and low privilege reduces the attack surface but does not eliminate risk, especially in environments with high document exchange volumes or external collaborators. The absence of known exploits in the wild suggests a window for proactive mitigation before active exploitation occurs.

European organizations should implement the following specific mitigations: 1) Monitor Foxit Software Inc. communications closely and apply security patches immediately once available, as the vulnerability affects versions prior to December 1, 2025. 2) Restrict or validate user input in the Digital IDs Common Name field by implementing additional input sanitization or filtering at the organizational level if possible, such as through proxy or gateway controls. 3) Employ web application firewalls (WAFs) with tailored rules to detect and block XSS payloads targeting the Digital IDs functionality. 4) Educate users about the risks of opening untrusted PDFs or interacting with suspicious Digital IDs dialogs to reduce successful exploitation via social engineering. 5) Review and harden browser security settings and Content Security Policy (CSP) configurations to limit the impact of injected scripts. 6) Conduct regular security assessments and penetration testing focused on PDF handling workflows to identify residual risks. 7) Consider alternative PDF editing or signing solutions with stronger input validation if immediate patching is not feasible. These measures go beyond generic advice by focusing on the specific input vector and the operational context of Foxit PDF Editor Cloud usage.