
Recently, the Cisco Talos vulnerability research and discovery team identified a number of vulnerabilities in various software. Specifically, three vulnerabilities were discovered in the Foxit PDF Editor, one vulnerability in the Epic Games Store, and twenty-one vulnerabilities in the MedDream PACS system.
The affected vendors have addressed the identified vulnerabilities, in accordance with Cisco’s third-party vulnerability disclosure policy.
Foxit PDF Editor is a popular PDF management platform for editing, e-signing, and collaborating on PDF documents. Talos has detected three vulnerabilities:
CVE-2025-57779 is a privilege escalation vulnerability in the installation of Foxit PDF Editor via the Microsoft Store. A low-privileged user can replace files during the installation process, potentially leading to elevation of privilege.
CVE-2025-58085 and CVE-2025-59488 are use-after-free vulnerabilities, one in the way Foxit Reader handles a Barcode field object and the other in the way Foxit Reader handles a Text Widget field object.
Specially crafted JavaScript code within a malicious PDF document can trigger these vulnerabilities, which can lead to memory corruption and arbitrary code execution. An attacker must trick a user into opening the malicious file to trigger these vulnerabilities.
Exploitation is also possible if a user visits a specially crafted, malicious website while the browser plugin extension is enabled.
The Epic Games Store is a storefront application for purchasing and accessing video games. Talos has discovered an additional vulnerability (tracked under CVE-2025-61973), which involves local privilege escalation when installing the Epic Games Store via the Microsoft Store.
A low-privileged user can replace a DLL file during the installation process, which could lead to elevation of privileges.
