CVE-2025-66522 is a stored cross-site scripting (XSS) vulnerability identified in the Digital IDs functionality of Foxit Software Inc.'s pdfonline.foxit.com, part of the Foxit PDF Editor Cloud service. The vulnerability stems from improper neutralization of input (CWE-79) in the Common Name field of Digital IDs, where user-supplied content is inserted into the Document Object Model (DOM) without adequate sanitization or encoding. This allows attackers to embed malicious HTML or JavaScript code that executes when the Digital IDs dialog is opened or when the affected PDF document is loaded. The flaw affects all versions of the product prior to December 1, 2025. The CVSS v3.1 base score is 6.3, reflecting medium severity with an attack vector of network (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), and user interaction (UI:R). The impact primarily compromises confidentiality (C:H) with limited integrity impact (I:L) and no availability impact (A:N). No public exploits are known at this time. The vulnerability could be exploited by authenticated users who can submit malicious input into the Digital IDs Common Name field, potentially leading to session hijacking, credential theft, or unauthorized actions executed in the context of the victim's browser session. Since the vulnerability is stored, the malicious payload persists and triggers upon access to the Digital IDs dialog or loading the affected PDF, increasing the risk of widespread impact if exploited in shared or collaborative environments. The vulnerability highlights the importance of proper input validation and output encoding in web applications, especially those handling sensitive document workflows.

For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive information handled via the Foxit PDF Editor Cloud. Attackers exploiting this XSS flaw could execute arbitrary scripts in the context of authenticated users, potentially stealing session tokens, credentials, or other sensitive data. This could lead to unauthorized access to corporate documents or systems integrated with the PDF editor. Given the collaborative nature of document workflows in many enterprises, the stored nature of the XSS increases the likelihood of multiple users being affected once a malicious payload is injected. While the integrity and availability impacts are limited, the breach of confidentiality could have regulatory implications under GDPR, especially if personal or sensitive data is exposed. The requirement for low privileges and user interaction means insider threats or phishing-assisted attacks could leverage this vulnerability effectively. Organizations relying heavily on cloud-based document editing and digital ID features in PDFs are particularly at risk, potentially affecting sectors such as finance, legal, and government services across Europe.

1. Apply patches or updates from Foxit Software Inc. as soon as they become available to address CVE-2025-66522. 2. Until patches are released, restrict access to the Digital IDs functionality within pdfonline.foxit.com to trusted users only, minimizing exposure. 3. Implement additional input validation and output encoding on the Common Name field at the application or proxy level to neutralize potentially malicious input. 4. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the application context. 5. Educate users about the risks of interacting with untrusted PDFs or Digital IDs dialogs, especially in shared environments. 6. Monitor logs and user activity for unusual behavior indicative of XSS exploitation attempts. 7. Consider isolating or sandboxing the PDF editor environment to contain potential script execution impacts. 8. Review and enhance incident response plans to include scenarios involving stored XSS in document management systems.