
CVE-2025-9328: CWE-125: Out-of-bounds Read in Foxit PDF Reader

High
Published: Tue Sep 02 2025 (09/02/2025, 20:09:04 UTC)
Source: CVE Database V5
Vendor/Project: Foxit
Product: PDF Reader

Description

Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26773.

AI-Powered Analysis

Last updated: 09/02/2025, 20:48:07 UTC

Technical Analysis

CVE-2025-9328 is a high-severity vulnerability in Foxit PDF Reader, reported against version 2024.4.0.27683, in the code that parses PRC files. PRC (Product Representation Compact) is a 3D model format that PDF can carry inside a 3D annotation, so the vulnerable parser is reached not only by opening a standalone PRC file but by opening a PDF that embeds a PRC stream. The flaw is an out-of-bounds read (CWE-125): a length or offset taken from the file is not validated against the size of the buffer it indexes, so the parser reads past the end of an allocated buffer. An attacker triggers it by getting a user to open a crafted file or visit a page that serves one; no authentication or prior privileges are needed, but user interaction is. Successful exploitation yields code execution in the context of the Foxit PDF Reader process, which means the privileges of the logged-in user; taking over the whole system from there would need a separate privilege-escalation step. The CVSS 3.0 base score is 7.8: high impact on confidentiality, integrity and availability, low attack complexity, no privileges required, user interaction required. At the time of publication no in-the-wild exploitation had been reported, but the size of the Foxit install base and the ease of delivering a PDF by mail make this a credible target. The issue was reported through Trend Micro's Zero Day Initiative (ZDI-CAN-26773) and published on September 2, 2025.

Potential Impact

For European organizations the risk is substantial because Foxit PDF Reader is widely deployed in corporate and government environments as the default PDF handler. Exploitation gives an attacker code execution as the victim user, enough to steal documents and credentials, drop malware and start moving laterally. Because the trigger is simply opening a PDF, phishing and other document-based social engineering are the natural delivery vectors, which raises the exposure of sectors with heavy document exchange such as finance, legal and public administration. The high impact on confidentiality, integrity and availability can disrupt operations and cause data breaches and reputational damage, and for personal data a breach also brings GDPR notification and liability consequences.

Mitigation Recommendations

Organizations should inventory their Foxit PDF Reader installations, identify the affected version (2024.4.0.27683 as reported above), and update to a fixed build as soon as Foxit publishes one. Until then, tighten email and web filtering, but note that PRC content is normally delivered embedded in a PDF as a 3D stream rather than as a separate .prc attachment, so a filter keyed only on the .prc extension misses the common case; inspect PDFs for 3D annotations and PRC streams and quarantine or detonate those that carry them. Tell users that unexpected PDFs, in particular ones containing 3D content, are the vector here. Where the product configuration allows it, restrict or disable the handling of 3D/PRC content in the reader. Run the reader with least privilege and under application control so that code executing in its context cannot install persistent malware or reach sensitive resources, and segment networks to contain a compromised workstation. Endpoint detection should alert on the reader process spawning command shells, script hosts or other unexpected children, and on outbound connections initiated from it, since those are the usual follow-on steps after a parser exploit.
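The filtering advice above depends on recognizing PDFs that actually carry 3D content. The following Python scanner is an added example for this page, not Foxit's code and not a signature for CVE-2025-9328 itself: it looks for the 3D markers defined by the PDF specification (a /Subtype /3D annotation pointing at a 3D stream whose dictionary has /Type /3D and /Subtype /PRC or /Subtype /U3D), inflates Flate-encoded object streams so an annotation hidden in one is still seen, and flags encrypted PDFs for manual review because string matching cannot see inside them. The check that a standalone PRC file begins with the ASCII bytes "PRC" is an assumption about the PRC header, and the sample PDFs are constructed inline (no xref table, just enough structure to exercise the scan).

```python
"""Triage scanner for PDFs that carry embedded 3D content (PRC or U3D).

Added example for this advisory; not Foxit's code and not a detection for
CVE-2025-9328 itself. It flags files that would exercise a reader's PRC
parsing path so a mail or web filter can quarantine them for review.
"""
import re
import zlib

# Markers from the PDF specification: a 3D annotation (/Subtype /3D) refers to
# a 3D stream whose dictionary carries /Type /3D and /Subtype /PRC or /U3D.
RE_ANNOT_3D = re.compile(rb"/Subtype\s*/3D\b")
RE_PRC = re.compile(rb"/Subtype\s*/PRC\b")
RE_U3D = re.compile(rb"/Subtype\s*/U3D\b")
RE_ENCRYPT = re.compile(rb"/Encrypt\b")  # heuristic: encrypted document
RE_STREAM = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.S)
PRC_MAGIC = b"PRC"  # assumed: a standalone PRC file header starts with these bytes


def inflate_object_streams(data: bytes) -> bytes:
    """Concatenate the inflated bodies of all Flate-encoded object streams.

    Object streams (/Type /ObjStm) hold other objects' dictionaries, so a 3D
    annotation tucked into one is invisible to a raw byte scan until inflated.
    The 3D stream itself cannot live in an ObjStm, so its /Subtype /PRC is
    always visible in the raw bytes of an unencrypted file.
    """
    parts = []
    for m in RE_STREAM.finditer(data):
        obj_start = max(0, data.rfind(b"obj", 0, m.start()))
        if b"/ObjStm" not in data[obj_start:m.start()]:
            continue
        try:
            parts.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # other filter or damaged data; leave for a full PDF parser
    return b"\n".join(parts)


def scan_pdf(data: bytes, inflate: bool = True) -> dict:
    """Report which 3D markers appear in the raw bytes (plus inflated ObjStms)."""
    views = [data]
    if inflate:
        views.append(inflate_object_streams(data))

    def found(rx):
        return any(rx.search(v) is not None for v in views)

    return {
        "annot_3d": found(RE_ANNOT_3D),
        "prc_stream": found(RE_PRC),
        "u3d_stream": found(RE_U3D),
        "encrypted": RE_ENCRYPT.search(data) is not None,
    }


def classify(data: bytes) -> str:
    """Single verdict a mail or web filter can act on."""
    if data[:3] == PRC_MAGIC:
        return "standalone-prc"
    if b"%PDF" not in data[:1024]:  # readers tolerate junk before the header
        return "not-pdf"
    r = scan_pdf(data)
    if r["encrypted"]:
        return "encrypted-pdf-review"  # cannot rule out 3D content by string search
    if r["prc_stream"]:
        return "pdf-with-prc"
    if r["u3d_stream"] or r["annot_3d"]:
        return "pdf-with-3d"
    return "pdf-no-3d"


# --- constructed samples: minimal PDFs without an xref table, for this demo only ---
_ANNOT = b"<< /Type /Annot /Subtype /3D /Rect [0 0 200 200] /3DD 5 0 R >>"
_PRC_STREAM = (b"5 0 obj << /Type /3D /Subtype /PRC /Length 12 >>\nstream\n"
               + b"PRC" + b"\x00" * 9 + b"\nendstream\nendobj\n")


def _objstm(objnum: int, obj: bytes) -> bytes:
    """Wrap one object in a Flate-encoded object stream (object 7 0)."""
    header = f"{objnum} 0 ".encode()
    body = zlib.compress(header + obj)
    return (b"7 0 obj << /Type /ObjStm /N 1 /First " + str(len(header)).encode()
            + b" /Filter /FlateDecode /Length " + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n")


_SKELETON = (b"%PDF-1.7\n"
             b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
             b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
             b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n")
_TRAILER = b"trailer << /Root 1 0 R >>\n%%EOF\n"

SAMPLE_PLAIN = _SKELETON + b"4 0 obj " + _ANNOT + b" endobj\n" + _PRC_STREAM + _TRAILER
SAMPLE_OBJSTM = _SKELETON + _objstm(4, _ANNOT) + _PRC_STREAM + _TRAILER
SAMPLE_BENIGN = _SKELETON.replace(b" /Annots [4 0 R]", b"") + _TRAILER
SAMPLE_ENCRYPTED = _SKELETON + b"trailer << /Root 1 0 R /Encrypt 9 0 R >>\n%%EOF\n"
SAMPLE_RAW_PRC = b"PRC" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("plain", SAMPLE_PLAIN), ("objstm", SAMPLE_OBJSTM),
                       ("benign", SAMPLE_BENIGN), ("encrypted", SAMPLE_ENCRYPTED),
                       ("raw-prc", SAMPLE_RAW_PRC)]:
        print(f"{name:10s} {classify(blob):22s} {scan_pdf(blob)}")
```

Run it over a mail quarantine or a proxy's download directory and route everything classified as pdf-with-prc, pdf-with-3d or encrypted-pdf-review to detonation or manual review. It is a triage heuristic, not a parser: a PDF that uses a filter other than Flate for its object streams, or that is encrypted, needs a full PDF parser with the right keys to inspect, which is why encrypted files are flagged rather than passed.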


Technical Details

Data Version
5.1
Assigner Short Name
zdi
Date Reserved
2025-08-21T19:50:19.917Z
Cvss Version
3.0
State
PUBLISHED

Threat ID: 68b7546fad5a09ad00e86ff9

Added to database: 9/2/2025, 8:32:47 PM

Last enriched: 9/2/2025, 8:48:07 PM

Last updated: 9/2/2025, 9:55:05 PM

