There is no such thing as double spending with confirmation.
Pardon me, but I understand double-spending as: spending money more than once. Sure, I can't spend the same input twice as it would violate the protocol rules, but if I spend it once, reorg the chain, and re-spend it, it'd be perfectly valid from a protocol point of view.
But if someone has access to the Foundry pool back end, it is possible.
It's possible regardless of the intentions. But even if the back end of Foundry was compromised, I think it'd be less damaging for the hacker to simply withdraw their coins. I mean, a 51% attack would be suicidal.