Out of Bounds Write Vulnerability in FreeType Software by FreeType Project
CVE-2025-27363

8.1HIGH

Key Information:

Vendor: Freetype
Status: Freetype
Vendor: CVE Published:; 11 March 2025

Badges

📈 Trended📈 Score: 2,940💰 Ransomware👾 Exploit Exists🟣 EPSS 68%🦅 CISA Reported📰 News Worthy

What is CVE-2025-27363?

CVE-2025-27363 is a vulnerability found in FreeType software versions 2.13.0 and below, which is a widely used library for rendering fonts on various platforms, including Android. This specific vulnerability is classified as an out-of-bounds write, which occurs when the software attempts to parse font subglyph structures relevant to TrueType GX and variable font files. The flaw arises from improper handling of signed and unsigned values within the code, leading to a scenario where a heap buffer is allocated too small to accommodate the data being written. Consequently, this allows attackers to write data outside the allocated buffer, potentially enabling arbitrary code execution.

Organizations utilizing FreeType, particularly in applications that process variable or TrueType fonts, could suffer significant negative impacts if this vulnerability is exploited. The exploitation could lead to unauthorized access, allowing attackers to execute arbitrary code, gain control over the affected systems, or compromise sensitive data. Given the broad deployment of FreeType across numerous platforms, its exploitation poses a risk not only to individual users but also to enterprises relying on software that integrates this font rendering library.

Potential impact of CVE-2025-27363

Arbitrary Code Execution: The primary risk associated with CVE-2025-27363 is the potential for arbitrary code execution. Successful exploitation allows attackers to execute malicious code on the affected system, which could lead to further compromises, such as installing malware, exfiltrating sensitive data, or facilitating additional attacks on the network.
Widespread Vulnerability Presence: FreeType is widely utilized across various software and hardware platforms, including mobile devices and web applications. This widespread integration means that the impact of the vulnerability could affect millions of devices, leading to a large attack surface that threat actors can exploit.
Targeted Attacks on High-Value Individuals: The exploitation of CVE-2025-27363 may be particularly appealing to cybercriminals targeting high-profile individuals or organizations. Given that attacks can occur with no user interaction required, this vulnerability enables stealthy intrusions that can be leveraged to gather intelligence, steal credentials, or manipulate data without the user's awareness.

CISA has reported CVE-2025-27363

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-27363 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

FreeType 0.0.0 <= 2.13.0

News Articles

Help Net Security

CVE-2025-32819 CVE-2025-27363

Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What a future without CVEs means for cyber defense For

3 weeks ago