Impact
The flaw allows PDF JavaScript and document‑oriented actions—for example, WillPrint or DidPrint—to alter form fields, annotations, or optional content groups just before or after redaction, encryption, or printing. Because these script‑driven updates bypass the existing redaction, encryption, and printing checks, a crafted PDF can leave a fragment of sensitive information unredacted or unencrypted, or produce a printed output that does not match the on‑screen version. The vulnerability is therefore a source of potential data exposure and log integrity issues.
Affected Systems
Foxit Software’s PDF Editor is the primary consumer of the affected logic. Because the redaction and printing features apply to any PDF file opened in the editor, any workstation running Foxit PDF Editor on Windows could be impacted. The advisory identifies no specific software version, so all installations prior to an unpublicized update may be vulnerable.
Risk and Exploitability
The CVSS score of 4.7 indicates moderate severity, and the EPSS score of less than 1 % suggests a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalogue. Exploitation requires a user to open a malicious PDF that contains JavaScript designed to execute at print or redact time, a scenario that is plausible if users receive untrusted documents. The attack surface is therefore limited to environments where PDF JavaScript is enabled and users routinely open and print PDFs.
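For triage of untrusted documents before they reach a redaction or print workflow, the following added example (not code from the advisory or from Foxit) flags PDFs whose document-level additional-actions dictionary binds JavaScript to print, save or close events. It assumes the PDF specification's catalog `/AA` keys (`/WP` for WillPrint, `/DP` for DidPrint, and so on), inspects only uncompressed objects, and runs on a constructed sample.

```python
import re

# Document-level trigger keys of the catalog /AA dictionary (ISO 32000-1).
TRIGGERS = {b"WP": "WillPrint", b"DP": "DidPrint", b"WS": "WillSave",
            b"DS": "DidSave", b"WC": "WillClose"}
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)
REF_RE = re.compile(rb"\s*(\d+)\s+\d+\s+R\b")

def unescape(data):
    """Decode #xx name escapes so /#4AavaScript still matches /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def value_at(body, pos, objs):
    """Return the dictionary at pos: the referenced object or an inline <<...>>."""
    ref = REF_RE.match(body, pos)
    if ref:
        return objs.get(int(ref.group(1)), b"")
    start = body.find(b"<<", pos)
    if start < 0 or body[pos:start].strip():
        return b""
    depth, i = 0, start
    while i < len(body) - 1:
        if body[i:i + 2] == b"<<":
            depth, i = depth + 1, i + 2
        elif body[i:i + 2] == b">>":
            depth, i = depth - 1, i + 2
            if depth == 0:
                return body[start:i]
        else:
            i += 1
    return b""

def find_event_scripts(pdf):
    """Return sorted (object number, event) pairs where the action is JavaScript."""
    objs = {int(m.group(1)): unescape(m.group(2)) for m in OBJ_RE.finditer(pdf)}
    hits = []
    for num, body in objs.items():
        for aa in re.finditer(rb"/AA\b", body):
            aa_dict = value_at(body, aa.end(), objs)
            for key, event in TRIGGERS.items():
                for m in re.finditer(rb"/" + key + rb"\b", aa_dict):
                    if re.search(rb"/S\s*/JavaScript\b", value_at(aa_dict, m.end(), objs)):
                        hits.append((num, event))
    return sorted(hits)

# Constructed sample: WillPrint -> JavaScript (hex-escaped name), DidSave -> URI.
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /AA << /WP 4 0 R "
          b"/DS << /S /URI /URI (https://example.invalid/) >> >> >>\nendobj\n"
          b"4 0 obj\n<< /S /#4AavaScript /JS (/* placeholder */) >>\nendobj\n")
print(find_event_scripts(SAMPLE))
```

A catalog stored inside a compressed object stream is not visible to this byte-level scan, so an empty result is not proof that a file is clean; decompress the file with a PDF library first when that matters.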
OpenCVE Enrichment