Cyber Posture

CVE-2025-27830

High

Published: 25 March 2025

Published
25 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0006 18.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27830 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Artifex Ghostscript. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 18.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Mandates timely patching of the buffer overflow vulnerability in Ghostscript versions prior to 10.05.0 to prevent exploitation via malicious PostScript or PDF files.

SI-16 Memory Protection partial match
prevent

Provides memory protections such as address space layout randomization and non-executable data that mitigate successful exploitation of the buffer overflow even if triggered.

RA-5 Vulnerability Monitoring and Scanning partial match
detect

Requires vulnerability scanning to identify systems with vulnerable Ghostscript installations, enabling proactive remediation before local attacker exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

Buffer overflow in Ghostscript (client-side PDF/PostScript processor) enables code execution via malicious file opened by user, directly mapping to client exploitation and malicious file delivery.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.

Deeper analysisAI

CVE-2025-27830 is a buffer overflow vulnerability (CWE-120) discovered in Artifex Ghostscript versions prior to 10.05.0. The flaw occurs during the serialization of DollarBlend in a font, specifically impacting the base/write_t1.c and psi/zfapi.c components.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A local attacker requires no privileges but must rely on user interaction, such as processing a maliciously crafted PostScript or PDF file with Ghostscript. Successful exploitation could grant high-impact unauthorized access, modification, or disruption of system resources.

Advisories and patches are detailed in the Ghostscript bug tracker at https://bugs.ghostscript.com/show_bug.cgi?id=708241 and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/04/msg00014.html, which address the issue in affected distributions. Mitigation involves upgrading to Ghostscript 10.05.0 or later.

Details

CWE(s)
CWE-120

Affected Products

artifex
ghostscript
≤ 10.05.0

CVEs Like This One

CVE-2025-27834Same product: Artifex Ghostscript
CVE-2025-27835Same product: Artifex Ghostscript
CVE-2025-27832Same product: Artifex Ghostscript
CVE-2025-27833Same product: Artifex Ghostscript
CVE-2025-27836Same product: Artifex Ghostscript
CVE-2025-27831Same product: Artifex Ghostscript
CVE-2025-27837Same product: Artifex Ghostscript
CVE-2026-6384Shared CWE-120
CVE-2020-37050Shared CWE-120
CVE-2024-57509Shared CWE-120

References