CVE-2025-48708
CVE-2025-48708 is a medium-severity vulnerability in Artifex Ghostscript with a CVSS 3.x base score of 4.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-212.
Key facts
- Severity: Medium (CVSS 3.x base score 4.0)
- EPSS exploit prediction: 0% (19th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-28243
- Weakness: CWE-212
- Affected product: Artifex Ghostscript
- Published:
- Last modified:
Description
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
Frequently asked questions
- What is CVE-2025-48708?
- gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
- How severe is CVE-2025-48708?
- CVE-2025-48708 has a CVSS 3.x base score of 4.0, rated medium severity. It is exploitable over local access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2025-48708 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (19th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-48708?
- CVE-2025-48708 affects Artifex Ghostscript. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-48708?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-48708 have an EU (EUVD) identifier?
- Yes. CVE-2025-48708 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-28243.
- When was CVE-2025-48708 published?
- CVE-2025-48708 was published on 2025-05-23 and last updated on 2026-06-17.
References
- https://bugs.ghostscript.com/show_bug.cgi?id=708446
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c623b4462f9e78686a31fd880207303ee
- http://www.openwall.com/lists/oss-security/2025/05/23/2
Affected products (1)
- cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
More vulnerabilities in Artifex Ghostscript
- CVE-2021-3781 — Critical (CVSS 9.9): A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting…
- CVE-2025-27837 — Critical (CVSS 9.8): An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated…
- CVE-2025-27836 — Critical (CVSS 9.8): An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in…
- CVE-2025-27832 — Critical (CVSS 9.8): An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for…
- CVE-2025-27831 — Critical (CVSS 9.8): An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow…
- CVE-2020-36773 — Critical (CVSS 9.8): Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for…
All CVEs affecting Artifex Ghostscript →
Other CWE-212 vulnerabilities
- CVE-2022-2818 — Critical (CVSS 9.8): Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to…
- CVE-2020-11684 — Critical (CVSS 9.1): AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control…
- CVE-2026-39937 — High (CVSS 8.8): Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation…
- CVE-2022-30617 — High (CVSS 8.8): An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and…
- CVE-2022-0355 — High (CVSS 8.8): Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.
- CVE-2021-0340 — High (CVSS 8.8): In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input…