FreeType Out-of-Bounds Write Vulnerability Added to CISA Known Exploited Vulnerabilities Catalog (CVE-2025-27363)
A critical vulnerability (CVE-2025-27363) in the FreeType font rendering library, affecting versions up to 2.13.0, has been actively exploited in the wild. This high-severity flaw, with a CVSS score of 8.1, allows remote code execution via an out-of-bounds write that occurs when parsing certain font structures. Because FreeType is embedded in so many platforms, the vulnerability affects a wide range of operating systems and devices, including Android, iOS, and various Linux distributions. Google addressed the issue in its May 2025 Android Security Bulletin and urged users to update their devices immediately. The flaw was initially reported by Facebook's security team in March 2025, highlighting the importance of timely patching and continuous monitoring of open-source software components. Users and administrators are strongly advised to upgrade to FreeType version 2.13.0 or later to mitigate the risk of exploitation.
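As an added illustration, not part of the advisory above nor code from the FreeType project: a POSIX shell script that reads the installed FreeType version from pkg-config and compares it field by field against a minimum release, so an administrator can confirm the "upgrade to 2.13.0 or later" advice on a given host. The function names (`version_ge`, `freetype_installed_version`, `freetype_version_status`), the `--check` flag and the `FREETYPE_MIN_PATCHED` variable are this example's own. The default minimum is the 2.13.0 the advisory states, but it is deliberately a parameter: take the exact fixed release from your vendor's bulletin, and remember that distributions which backport fixes may ship a patched build under an older version string, so a version comparison is a screening check, not proof of exposure.

```shell
#!/bin/sh
# Added example (not from the advisory or the FreeType project): check whether
# the installed FreeType meets a minimum release, using POSIX sh only.

# Minimum release to require; the advisory above says 2.13.0 or later.
# Treat this as a parameter and confirm it against your vendor's bulletin.
FREETYPE_MIN_PATCHED="${FREETYPE_MIN_PATCHED:-2.13.0}"

# version_ge HAVE WANT: return 0 if dotted version HAVE >= WANT, else 1.
# Compares major.minor.patch numerically; missing fields count as 0 and
# packaging suffixes such as "2.13.0-1ubuntu1" are stripped before comparing.
version_ge() {
    have=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    want=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    old_ifs=$IFS
    IFS=.
    # Split on '.' into positional parameters (unquoted on purpose).
    set -- $have; h1=${1:-0}; h2=${2:-0}; h3=${3:-0}
    set -- $want; w1=${1:-0}; w2=${2:-0}; w3=${3:-0}
    IFS=$old_ifs
    if [ "$h1" -ne "$w1" ]; then
        if [ "$h1" -gt "$w1" ]; then return 0; else return 1; fi
    fi
    if [ "$h2" -ne "$w2" ]; then
        if [ "$h2" -gt "$w2" ]; then return 0; else return 1; fi
    fi
    if [ "$h3" -ge "$w3" ]; then return 0; else return 1; fi
}

# Print the installed FreeType version as reported by pkg-config, or print
# nothing and return 1 if pkg-config or the freetype2 .pc file is unavailable.
freetype_installed_version() {
    command -v pkg-config >/dev/null 2>&1 || return 1
    pkg-config --modversion freetype2 2>/dev/null
}

# freetype_version_status INSTALLED [MINIMUM]: print "meets-minimum" or
# "below-minimum" and return 0 or 1 accordingly. MINIMUM defaults to
# FREETYPE_MIN_PATCHED.
freetype_version_status() {
    minimum=${2:-$FREETYPE_MIN_PATCHED}
    if version_ge "$1" "$minimum"; then
        echo meets-minimum
        return 0
    fi
    echo below-minimum
    return 1
}

# Stand-alone use: sh freetype_check.sh --check
# Exit status: 0 meets the minimum, 1 below it, 2 version could not be read.
if [ "${1:-}" = "--check" ]; then
    installed=$(freetype_installed_version) || installed=
    if [ -z "$installed" ]; then
        echo "cannot determine FreeType version: pkg-config or freetype2.pc missing" >&2
        exit 2
    fi
    status=$(freetype_version_status "$installed") || true
    printf 'FreeType %s: %s (minimum %s)\n' "$installed" "$status" "$FREETYPE_MIN_PATCHED"
    [ "$status" = meets-minimum ]
fi
```

On a host whose distribution backports security fixes, pair this check with the package manager's changelog (for example, the package's security notes citing CVE-2025-27363) rather than relying on the version string alone; the script's non-zero exit is meant to flag hosts for that follow-up, not to declare them exploited.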