CVE-2025-27830
Published: 25 March 2025
Summary
CVE-2025-27830 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Artifex Ghostscript. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 19.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2025-27830 is a buffer overflow vulnerability (CWE-120) discovered in Artifex Ghostscript versions prior to 10.05.0. The flaw occurs during the serialization of DollarBlend in a font, specifically impacting the base/write_t1.c and psi/zfapi.c components.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A local attacker requires no privileges but must rely on user interaction, such as processing a maliciously crafted PostScript or PDF file with Ghostscript. Successful exploitation could grant high-impact unauthorized access, modification, or disruption of system resources.
Advisories and patches are detailed in the Ghostscript bug tracker at https://bugs.ghostscript.com/show_bug.cgi?id=708241 and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/04/msg00014.html, which address the issue in affected distributions. Mitigation involves upgrading to Ghostscript 10.05.0 or later.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8092
Vulnerability details
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in Ghostscript (client-side PDF/PostScript processor) enables code execution via malicious file opened by user, directly mapping to client exploitation and malicious file delivery.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Mandates timely patching of the buffer overflow vulnerability in Ghostscript versions prior to 10.05.0 to prevent exploitation via malicious PostScript or PDF files.
Provides memory protections such as address space layout randomization and non-executable data that mitigate successful exploitation of the buffer overflow even if triggered.
Requires vulnerability scanning to identify systems with vulnerable Ghostscript installations, enabling proactive remediation before local attacker exploitation.