Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS..
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
Foxit privilege escalation and use-after-free vulnerabilities
Discovered by KPC of Cisco Talos.
Foxit PDF Editor is a popular PDF handling platform for editing, e-signing, and collaborating on PDF documents. Talos found three vulnerabilities:
TALOS-2025-2275 (CVE-2025-57779) is a privilege escalation vulnerability in the installation of Foxit PDF Editor via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in elevation of privileges.
TALOS-2025-2277 (CVE-2025-58085) and TALOS-2025-2278 (CVE-2025-59488) are use-after-free vulnerabilities, one in the way Foxit Reader handles a Barcode field object, and one in the way Foxit Reader handles a Text Widget field object. A specially crafted JavaScript code inside a malicious PDF document can trigger these vulnerabilities, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger these vulnerabilities. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Epic Games local privilege escalation vulnerability
Discovered by KPC of Cisco Talos.
Epic Games Store is a storefront application for purchasing and accessing video games. Talos found TALOS-2025-2279 (CVE-2025-61973), a local privilege escalation vulnerability in the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in elevation of privileges.
MedDream PACS reflected cross-site scripting vulnerabilities
Discovered by Marcin “Icewall” Noga of Cisco Talos.
MedDream PACS server is a medical-integration system for archiving and communicating about DICOM 3.0 compliant images. Talos found 21 reflected cross-site scripting (XSS) vulnerabilities across several functions of MedDream PACS Premium 7.3.6.870. An attacker can provide a specially crafted URL to trigger these vulnerabilities, which can lead to arbitrary JavaScript code execution.
- TALOS-2025-2253 (CVE-2025-54817): autoPurge functionality
- TALOS-2025-2254 (CVE-2025-53516): downloadZip functionality
- TALOS-2025-2255 (CVE-2025-54495): emailfailedjob functionality
- TALOS-2025-2256 (CVE-2025-54157): encapsulatedDoc functionality
- TALOS-2025-2257 (CVE-2025-54778): existingUser functionality
- TALOS-2025-2258 (CVE-2025-46270): fetchPriorStudies functionality
- TALOS-2025-2259 (CVE-2025-55071): modifyAnonymize functionality
- TALOS-2025-2260 (CVE-2025-54852): modifyAeTitle functionality
- TALOS-2025-2261 (CVE-2025-54814): modifyAutopurgeFilter functionality
- TALOS-2025-2262 (CVE-2025-54861): modifyCoercion functionality
- TALOS-2025-2263 (CVE-2025-57881): modifyEmail functionality
- TALOS-2025-2264 (CVE-2025-58080): modifyHL7App functionality
- TALOS-2025-2265 (CVE-2025-53854): modifyHL7Route functionality
- TALOS-2025-2266 (CVE-2025-57787): modifyRoute functionality
- TALOS-2025-2267 (CVE-2025-53707): modifyTranscript functionality
- TALOS-2025-2268 (CVE-2025-54853): modifyUser functionality
- TALOS-2025-2269 (CVE-2025-57786): notifynewstudy functionality
- TALOS-2025-2270 (CVE-2025-44000): sendOruReport functionality
- TALOS-2025-2271 (CVE-2025-58087-CVE-2025-58095): config.php functionality
- TALOS-2025-2272 (CVE-2025-36556): ldapUser functionality
- TALOS-2025-2273 (CVE-2025-53912): encapsulatedDoc functionality