CVE-2025-66522
Last modified
CVE-2025-66522 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. EPSS estimates a 0.15% chance of exploitation in the next 30 days.
Description
A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result, embedded HTML or JavaScript may execute whenever the Digital IDs dialog is accessed or when the affected PDF is loaded.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Foxit | Pdf Editor Cloud | <= 2025-12-01 |
References
- https://www.foxit.com/support/security-bulletins.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-66522?
How severe is CVE-2025-66522?
How do I fix CVE-2025-66522?
Are you affected by CVE-2025-66522?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST