CVE-2025-48708

low-risk

Published 2025-05-23

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.0/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Ghostscript

Affected Vendors

Artifex

References (3)

Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=708446

Patch https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c62...

Mailing List http://www.openwall.com/lists/oss-security/2025/05/23/2

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal