Platform
windows
Component
foxit-pdf-editor-reader-update-service
Fixed in
2025.3.1
2025.3.1
CVE-2026-3775 describes a privilege escalation vulnerability affecting the Foxit PDF Editor/Reader Update Service. This flaw allows a local attacker to exploit a weakness in how the update service loads system libraries, potentially gaining SYSTEM privileges and executing arbitrary code. The vulnerability impacts versions up to and including 2025.3. A patch is available from Foxit.
The core of this vulnerability lies in the update service's library loading mechanism. Instead of strictly validating the source of system libraries, it searches directories accessible to low-privileged users. An attacker can leverage this by placing a malicious DLL in a writable location within the search path. When the update service attempts to load a library, it may inadvertently load the attacker's malicious DLL with elevated SYSTEM privileges. This grants the attacker complete control over the affected system, enabling them to install malware, steal sensitive data, or compromise the entire network. The potential blast radius is significant, as SYSTEM-level access bypasses most standard security controls.
CVE-2026-3775 is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the vulnerability's nature suggests a moderate probability of exploitation (medium EPSS score). The vulnerability's reliance on local access means it's less likely to be exploited in widespread, automated campaigns, but targeted attacks are possible. The vulnerability was publicly disclosed on 2026-04-01.
Exploit Status
EPSS
0.01% (3% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-3775 is to upgrade to a patched version of Foxit PDF Editor/Reader. Foxit has released a fix to restrict the library search path to trusted system locations. If immediate patching is not feasible, consider restricting write access to directories within the system library search path. While not a complete solution, this can reduce the attack surface. Monitor system logs for suspicious library loading activity. After upgrading, confirm the fix by attempting to place a test DLL in a writable directory and verifying that the update service does not load it.
Update Foxit PDF Editor/Reader to a version later than 2025.3. See the Foxit security advisory for more details and specific update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-3775 is a vulnerability in Foxit PDF Editor/Reader Update Service that allows a local attacker to gain SYSTEM privileges by placing a malicious library in a writable directory.
You are affected if you are using Foxit PDF Editor/Reader versions 2025.3 or earlier. Check your version and upgrade immediately.
Upgrade to the latest patched version of Foxit PDF Editor/Reader. Foxit has released a fix to restrict the library search path.
While no widespread exploitation has been confirmed, the vulnerability's nature suggests a potential for targeted attacks. Monitor your systems for suspicious activity.
Refer to the official Foxit security advisory for detailed information and the latest updates: [https://www.foxit.com/security/](https://www.foxit.com/security/)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.