CVE-2025-15273

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in FontForge's PFB file parser allows remote attackers to execute arbitrary code when users open malicious PFB files or visit malicious web pages. This affects all FontForge installations that process PFB files. Successful exploitation gives attackers the same privileges as the current user.

💻 Affected Systems

Products:
  • FontForge
Versions: All versions prior to patched version
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with FontForge installed that processes PFB files is vulnerable. The vulnerability is in the core PFB parsing functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with attacker gaining the same privileges as the user running FontForge, potentially leading to lateral movement, data theft, or ransomware deployment.

🟠 Likely Case: Local privilege escalation or malware installation on the user's system when opening malicious PFB files from untrusted sources.

🟢 If Mitigated: Limited impact if users only open trusted files and FontForge runs with minimal privileges.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file or visiting malicious site) but can be delivered via web downloads or email attachments.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files, but requires social engineering or compromised internal resources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction, but the vulnerability is straightforward to exploit once a malicious PFB file is crafted. ZDI has confirmed the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check FontForge releases after advisory date

Vendor Advisory: https://github.com/fontforge/fontforge/security/advisories

Restart Required: Yes

Instructions:

1. Check the current FontForge version.
2. Update to the latest patched version from the official repository.
3. Restart FontForge and any dependent services.

🔧 Temporary Workarounds

Disable PFB file processing (all platforms)

Block or restrict PFB file processing in FontForge configuration

# Configure FontForge to reject PFB files or use file type restrictions

Sandbox FontForge execution (all platforms)

Run FontForge in a sandboxed environment with limited privileges

# Use firejail on Linux: firejail --net=none fontforge
# Use Windows Sandbox or similar isolation

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized FontForge execution
  • Use endpoint protection that can detect and block malicious PFB files
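One way to gate PFB files before they ever reach FontForge, as an added example that is not part of this advisory and not FontForge code: a pre-screen that walks the standard PFB container (each segment starts with a 0x80 marker, a type byte of 1 for ASCII, 2 for binary or 3 for end-of-file, then a 32-bit little-endian length) and rejects any file whose declared lengths do not fit the file or exceed a local policy cap. It assumes only that container layout and the cap value shown; the advisory does not describe the specific overflow condition, so this is a structural sanity check, not a signature for the bug.

```python
import struct

PFB_MARKER = 0x80                      # every PFB segment starts with this byte
SEG_ASCII, SEG_BINARY, SEG_EOF = 1, 2, 3
MAX_SEGMENT_LEN = 16 * 1024 * 1024     # assumed site policy cap, not from the advisory

def check_pfb(data: bytes, max_segment_len: int = MAX_SEGMENT_LEN):
    """Walk the PFB segment chain; return (ok, reason, [(type, length), ...]).
    A file is rejected as soon as a header claims more data than exists."""
    segments, pos, seen_eof = [], 0, False
    while pos < len(data):
        if len(data) - pos < 2:
            return False, f"truncated segment header at offset {pos}", segments
        marker, seg_type = data[pos], data[pos + 1]
        if marker != PFB_MARKER:
            return False, f"bad segment marker 0x{marker:02x} at offset {pos}", segments
        if seg_type == SEG_EOF:
            seen_eof, pos = True, pos + 2
            break
        if seg_type not in (SEG_ASCII, SEG_BINARY):
            return False, f"unknown segment type {seg_type} at offset {pos}", segments
        if len(data) - pos < 6:
            return False, f"truncated length field at offset {pos}", segments
        (length,) = struct.unpack_from("<I", data, pos + 2)   # 32-bit little-endian
        if length > max_segment_len:
            return False, f"segment at offset {pos} declares {length} bytes, over cap", segments
        if pos + 6 + length > len(data):
            return False, f"segment at offset {pos} declares {length} bytes but only {len(data) - pos - 6} remain", segments
        segments.append((seg_type, length))
        pos += 6 + length
    if not seen_eof:
        return False, "missing EOF segment", segments
    if pos != len(data):
        return False, f"{len(data) - pos} trailing bytes after EOF segment", segments
    return True, "ok", segments

def _segment(seg_type: int, payload: bytes) -> bytes:
    return bytes([PFB_MARKER, seg_type]) + struct.pack("<I", len(payload)) + payload

# Constructed samples (not real fonts): a minimal well-formed PFB, one whose header
# declares an absurd length, and one whose declared length overruns the file.
GOOD_PFB = (_segment(SEG_ASCII, b"%!PS-AdobeFont-1.0: Sample\n")
            + _segment(SEG_BINARY, bytes(range(16)))
            + _segment(SEG_ASCII, b"0" * 512 + b"\ncleartomark\n")
            + bytes([PFB_MARKER, SEG_EOF]))
OVERSIZED_PFB = bytes([PFB_MARKER, SEG_ASCII]) + struct.pack("<I", 0xFFFFFFF0) + b"%!PS"
TRUNCATED_PFB = bytes([PFB_MARKER, SEG_BINARY]) + struct.pack("<I", 100) + b"\x00" * 10
```

Run `check_pfb(open(path, "rb").read())` from a mail gateway or download hook and quarantine anything that does not return `ok`; a well-formed file that still crashes FontForge is then a signal worth escalating on its own.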

🔍 How to Verify

Check if Vulnerable:

Check FontForge version and compare against patched releases. Test with known safe PFB files to ensure parsing works.

Check Version:

fontforge --version

Verify Fix Applied:

Verify FontForge version is updated to patched release and test PFB file processing functionality.

📡 Detection & Monitoring

Log Indicators:

  • FontForge crashes with stack overflow errors
  • Unexpected child processes spawned from FontForge
  • Abnormal memory usage patterns in FontForge

Network Indicators:

  • Downloads of PFB files from untrusted sources
  • Outbound connections from FontForge process

SIEM Query:

process_name="fontforge" AND (event_id="1000" OR memory_usage>threshold)
