Cyber Resilience

CVE-2023-27363

Severity: High
Published: 03 May 2024
Modified: 11 August 2025
KEV Added: not listed
Patch: none listed
CVSS v3.0 score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS score: 0.7947 (99.1 percentile)
Risk priority: 63 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-27363 is a high-severity Exposed Dangerous Method or Function (CWE-749) vulnerability in Foxit PDF Editor. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood (EPSS), but it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2023-27363 is a remote code execution vulnerability in Foxit PDF Reader that stems from the exportXFAData method: the application exposes this method to document JavaScript, and the interface can be used to write arbitrary files. The flaw, tracked as ZDI-CAN-19697 and classified as CWE-749, affects installations of the PDF reader and carries a CVSS 3.0 score of 7.8.

An attacker can exploit the issue by convincing a target to open a malicious PDF or visit a malicious page, after which arbitrary code executes in the context of the current user. No privileges are required (PR:N); the only precondition is the user interaction (UI:R) of opening the file or page.

Foxit and the Zero Day Initiative have published advisories (see References) that address the vulnerability through security bulletins.

The EPSS score currently stands at 0.7947, with a recorded peak of 0.8213, indicating a sustained high predicted likelihood of exploitation since disclosure.


Vulnerability details

Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697.
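Because the weakness is a document-JavaScript method that the reader exposes, a practical triage control is to inspect inbound PDFs for embedded JavaScript and flag any script that names the method from the advisory. The scanner below is an added example written for this page, not Foxit's or ZDI's code; it uses only the method name stated in the advisory (exportXFAData), builds its own constructed sample PDFs inline, and assumes JavaScript is carried as a /JS literal, a hex string, or a (possibly FlateDecode-compressed) stream. It is a minimal regex extractor for demonstration; a production scanner should use a real PDF parser, since object streams, name escapes such as /J#53, and PDF string escapes are not handled here.

```python
import re
import zlib

# Method named in the CVE-2023-27363 advisory; extend the tuple for other
# document-JavaScript methods a policy wants flagged.
DANGEROUS_METHODS = ("exportXFAData",)

# Minimal regex extraction for a stand-alone demo (assumption: a real scanner
# would use a proper PDF parser). The dictionary pattern allows one level of
# nested << >> and single hex strings so it cannot run across objects.
_STREAM_RE = re.compile(
    rb"<<((?:[^<>]|<<[^<>]*>>|<[^<>]*>)*)>>\s*stream\r?\n(.*?)\r?\nendstream",
    re.DOTALL,
)
_JS_HEX_RE = re.compile(rb"/JS\s*<([0-9A-Fa-f\s]*)>")


def _decode_stream(dictionary: bytes, raw: bytes) -> bytes:
    """Inflate FlateDecode streams; leave other filters and broken data as-is."""
    if b"/FlateDecode" in dictionary:
        try:
            return zlib.decompress(raw)
        except zlib.error:
            return raw
    return raw


def scan_segments(pdf: bytes):
    """Yield every byte region worth inspecting: the raw file, decoded
    streams, and hex-encoded /JS strings."""
    yield pdf
    for dictionary, raw in _STREAM_RE.findall(pdf):
        yield _decode_stream(dictionary, raw)
    for m in _JS_HEX_RE.finditer(pdf):
        hexdigits = re.sub(rb"\s", b"", m.group(1))
        if len(hexdigits) % 2:  # PDF pads an odd final digit with 0
            hexdigits += b"0"
        yield bytes.fromhex(hexdigits.decode("ascii"))


def scan_pdf(pdf: bytes) -> dict:
    """Report whether the file carries JavaScript and which flagged methods it names."""
    findings = {"has_javascript": False, "dangerous_methods": []}
    for segment in scan_segments(pdf):
        if b"/JavaScript" in segment or b"/JS" in segment:
            findings["has_javascript"] = True
        for method in DANGEROUS_METHODS:
            if method.encode() in segment and method not in findings["dangerous_methods"]:
                findings["dangerous_methods"].append(method)
    return findings


def build_sample_pdf(js=None, compress=True) -> bytes:
    """Constructed minimal PDF for testing; js=None embeds no JavaScript."""
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R"
        + (b" /OpenAction 3 0 R" if js is not None else b"")
        + b" >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n",
    ]
    if js is not None:
        body = zlib.compress(js) if compress else js
        filt = b" /Filter /FlateDecode" if compress else b""
        objs.append(b"3 0 obj << /S /JavaScript /JS 4 0 R >> endobj\n")
        objs.append(
            b"4 0 obj << /Length %d%s >>\nstream\n" % (len(body), filt)
            + body
            + b"\nendstream\nendobj\n"
        )
    return b"%PDF-1.7\n" + b"".join(objs) + b"trailer << /Root 1 0 R >>\n%%EOF\n"


# Constructed samples: one script merely naming the advisory's method (stored
# compressed, so only decompression reveals it), one harmless script, one
# document with no JavaScript at all.
SUSPICIOUS_PDF = build_sample_pdf(b"// constructed sample naming the method\nthis.exportXFAData;")
BENIGN_JS_PDF = build_sample_pdf(b"app.alert('constructed benign script');", compress=False)
NO_JS_PDF = build_sample_pdf(None)

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS_PDF),
                         ("benign-js", BENIGN_JS_PDF),
                         ("no-js", NO_JS_PDF)):
        print(name, scan_pdf(sample))
```

Run on a mail-gateway or download-folder sweep, a positive `dangerous_methods` result is a strong reason to quarantine the file for an unpatched reader, while `has_javascript` alone is a weaker signal that some legitimate forms also trigger.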

CWE(s)

CWE-749: Exposed Dangerous Method or Function

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Foxit PDF Editor: ≤ 10.1.11.37866; 11.0.0.49893 through 11.2.5.53785; 12.0.0.12394 through 12.1.1.15289
Foxit PDF Reader: ≤ 12.1.1.15289

Mitigating Controls

Likely mitigating controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-749: explicitly prohibiting dangerous or unnecessary functions and services prevents exposure of methods that could be directly exploited.
- Addresses CWE-749: minimal functionality removes or avoids exposure of dangerous methods and functions.

References