• Cisco Talos uncovered 25 critical vulnerabilities across Foxit PDF Editor, Epic Games Store, and MedDreams PACS. • Foxit PDF Editor had privilege escalation via Microsoft Store installation (CVE-2025-57779) and two use‑after‑free bugs (CVE-2025-58085, CVE-2025-59488). • Epic Games Store suffered a local privilege escalation flaw (CVE-2025-61973) that could elevate user privileges on the system. • MedDreams PACS faced 21 vulnerabilities, potentially exposing sensitive medical imaging data to attackers. • All vendors promptly patched the flaws following Cisco’s third‑party disclosure policy. • Snort rule sets now detect exploitation attempts; Talos advisories available on their website.
Article Summaries:
- Cisco Talos’ Vulnerability Discovery & Research team identified multiple security flaws across three widely used software products. Three vulnerabilities were found in Foxit PDF Editor, including a privilege‑escalation flaw in Microsoft Store installations (CVE‑2025‑57779) and two use‑after‑free bugs that could be triggered by malicious PDFs (CVE‑2025‑58085, CVE‑2025‑59488). A separate local privilege‑escalation issue (CVE‑2025‑61973) was discovered in the Epic Games Store’s Microsoft Store installer. Additionally, Talos uncovered 21 reflected cross‑site scripting (XSS) vulnerabilities in MedDream PACS Premium 7.3.6.870, allowing arbitrary JavaScript execution via crafted URLs. All affected vendors have released patches in line with Cisco’s disclosure policy.
Sources: