CVE-2025-48708

CWE-2127 documents7 sources
Severity
3.3LOW
EPSS
0.0%
top 93.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Artifex Ghostscript
Timeline
PublishedMay 23
Latest updateJul 8

Description

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages3 packages

CVEListV5artifex/ghostscript< 10.05.1
NVDartifex/ghostscript< 10.05.1
Debianghostscript< 10.05.1~dfsg-1+1

Patches

Patch: cgit.ghostscript.com

🔴Vulnerability Details

3
GHSA
GHSA-7q9j-33vm-8375: gs_lib_ctx_stash_sanitized_arg in base/gslibctx2025-05-23
CVEList
CVE-2025-48708: gs_lib_ctx_stash_sanitized_arg in base/gslibctx2025-05-23
OSV
CVE-2025-48708: gs_lib_ctx_stash_sanitized_arg in base/gslibctx2025-05-23

📋Vendor Advisories

3
Ubuntu
Ghostscript vulnerabilities2025-07-08
Red Hat
Ghostscript: Ghostscript Argument Sanitization Vulnerability2025-05-23
Debian
CVE-2025-48708: ghostscript - gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before ...2025
CVE-2025-48708 (LOW CVSS 3.3) | gs_lib_ctx_stash_sanitized_arg in b | cvebase.io