CNA authorization empowers Foxit to assign official CVE IDs, advancing transparency and efficiency in vulnerability disclosure
Fremont, Calif, October 14, 2025 – Foxit, a global leader in PDF and document productivity solutions, today announced that it has been authorized as a CVE Numbering Authority (CNA) by the Common Vulnerabilities and Exposures (CVE) Program.
This designation officially authorizes Foxit to assign CVE Identifiers (IDs) to security vulnerabilities found in its products, greatly simplifying the process for coordinated disclosure and patching for its global customer base, including enterprise and government clients.
Taking Control of the Vulnerability Lifecycle
As a newly certified CNA, Foxit will directly help uphold the global standard for vulnerability detection. This status emphasizes the company's dedication to proactive security, transparency, and compliance with strict federal and international compliance regulations.
"Becoming a CNA is a crucial step in advancing our product security program and strengthens our dedication to global security standards," said Derek O’Neill, Director, Data Privacy & Information Security at Foxit. "It enables us to respond more quickly, ensuring that when a security flaw is discovered internally or by an external researcher, it is immediately recognized as a security anomaly and assigned a unique, standardized CVE ID, with consistent tracking. This faster management of the vulnerability lifecycle improves our ability to release patches and issue advisories swiftly, ultimately protecting our customers effectively."
Key Benefits of Foxit’s CNA Status:
Faster Response: Direct control over ID assignment significantly reduces the time between vulnerability discovery and official public notification.
Enhanced Transparency: The ability to issue official CVE Records provides customers and security analysts with clearer, standardized information about vulnerabilities affecting Foxit products.
Streamlined Collaboration: Foxit can now more effectively coordinate the disclosure process with independent security researchers, ensuring proper credit and protecting users from zero-day exploits.
Commitment to the Global Security Community
The CVE Program, sponsored by the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), is a global effort to identify, define, and catalog publicly known cybersecurity vulnerabilities. Foxit joins hundreds of organizations worldwide participating in this effort.
Foxit is dedicated to fostering a more secure ecosystem and encourages security researchers to continue reporting potential vulnerabilities through its established disclosure channel at www.foxit.com/support/security.
About Foxit
Foxit is a leading provider of innovative PDF and eSignature products and services, helping knowledge workers to increase their productivity and do more with documents. Foxit delivers easy-to-use desktop software, mobile apps, and cloud services that allow users to create, edit, fill, and sign documents through its integrated PDF Editor and eSign offerings. Foxit enables software developers to incorporate innovative PDF technology into their applications via powerful, multi-platform Software Developer Kits (SDKs).
Foxit has sold to over 640,000 customers, ranging from SMBs to global enterprises, located in more than 200 countries. The company has offices worldwide, including locations in the U.S., Europe, Australia, and Asia. For more information, please visit https://foxit.com.
PR Contact:
Lauren Curley, Touchdown PR
[email protected]