CVE-2025-27363
Published: 11 March 2025
Summary
CVE-2025-27363 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Freetype Freetype. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 1.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely identification, reporting, and remediation of flaws like the out-of-bounds write in vulnerable FreeType versions through patching or upgrading.
Requires vulnerability scanning to detect the presence of vulnerable FreeType library versions affected by CVE-2025-27363.
Implements memory protections like ASLR and non-executable heap that mitigate arbitrary code execution from the heap buffer overflow in FreeType.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes an out-of-bounds write vulnerability in FreeType font parsing leading to arbitrary code execution, which directly enables Exploitation for Client Execution (T1203) via malicious font files.
NVD Description
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed…
more
short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
Deeper analysisAI
CVE-2025-27363 is an out-of-bounds write vulnerability (CWE-787) affecting FreeType versions 2.13.0 and earlier. The flaw occurs during parsing of font subglyph structures in TrueType GX and variable font files, where a signed short value is assigned to an unsigned long, followed by addition of a static value that causes integer wrap-around. This results in allocation of an undersized heap buffer, after which up to six signed long integers are written out of bounds relative to the buffer.
Unauthenticated remote attackers can exploit the vulnerability over the network (AV:N), though it requires high attack complexity (AC:H) and no user interaction (UI:N) or privileges (PR:N). Successful exploitation can lead to arbitrary code execution, with high impacts on confidentiality, integrity, and availability (CVSS:3.1 base score of 8.1; C:H/I:H/A:H, S:U).
Mitigation requires upgrading to newer versions of FreeType, which are not vulnerable. Relevant advisories and discussions are available at https://www.facebook.com/security/advisories/cve-2025-27363 and oss-security mailing list threads including http://www.openwall.com/lists/oss-security/2025/03/13/1, http://www.openwall.com/lists/oss-security/2025/03/13/11, http://www.openwall.com/lists/oss-security/2025/03/13/12, and http://www.openwall.com/lists/oss-security/2025/03/13/2.
This vulnerability may have been exploited in the wild.
Details
- CWE(s)
- KEV Date Added
- 06 May 2025