PT-2025-48353 · Fonttools · Fonttools

Published

2025-11-29

·

Updated

2025-11-29

·

CVE-2025-66034

CVSS v3.1
6.3
Vector: AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions

fontTools versions 4.33.0 through 4.60.1

Description

fontTools is a Python library for manipulating fonts. Versions from 4.33.0 up to, but not including, 4.60.2 contain a file write issue in the varLib script (also reachable as python3 -m fontTools.varLib). Processing a malicious .designspace file can lead to remote code execution. The issue resides in the main() code path of fontTools.varLib, which is used by the fontTools varLib command-line interface and by any code that calls fontTools.varLib.main(). The advisory names only this main() entry point; it does not name other fontTools.varLib library functions as affected.

Recommendations

Update to fontTools version 4.60.2 or later. Until the update is applied, do not process .designspace files from untrusted sources with the varLib command line or with fontTools.varLib.main(), since the vulnerable code runs when such a file is parsed and built.
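The following pre-flight script is an added example for this advisory; it is not code from the page or from the fontTools project. It applies the two facts the advisory states, the affected range 4.33.0 <= version < 4.60.2 and the fact that a malicious .designspace file handed to fontTools.varLib.main() can trigger a file write, and it adds a generic path-escape audit of the filename attributes that .designspace files carry. That audit is an assumption of this example (the advisory does not say which field the CVE abuses), so it is defence in depth for the interim, not a substitute for updating. The sample .designspace document is constructed for the example; fontTools.version is the real attribute exposed by the library.

```python
"""Pre-flight checks before handing a .designspace file to fontTools varLib.

Added example, not fontTools project code. Facts used from the advisory:
fontTools 4.33.0 <= version < 4.60.2 is affected, and a malicious .designspace
processed by fontTools.varLib.main() can cause a file write. The filename
audit is an assumed, generic guard (designspace files carry filename=
attributes); the advisory does not state which field the CVE abuses.
"""
import os
import re
import xml.etree.ElementTree as ET

AFFECTED_FROM = (4, 33, 0)  # first affected release (advisory)
FIXED_IN = (4, 60, 2)       # first fixed release (advisory)


def parse_version(text):
    """Reduce '4.60.1', '4.60.1.dev0' or '4.60' to a (major, minor, patch) tuple.

    Suffixes such as .dev0 are ignored: a 4.60.1.dev0 build still predates 4.60.2.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unrecognised fontTools version: %r" % text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version_text):
    """True if the version lies in the advisory's range [4.33.0, 4.60.2)."""
    return AFFECTED_FROM <= parse_version(version_text) < FIXED_IN


def installed_fonttools_is_affected():
    """Check the fontTools importable in this interpreter; None if absent."""
    try:
        import fontTools  # fontTools.version is the library's version string
    except ImportError:
        return None
    return is_affected(fontTools.version)


def escaping_filenames(designspace_xml, base_dir):
    """Return (tag, filename) for every filename= attribute that resolves
    outside base_dir, i.e. an absolute path or '..' traversal.

    Every element is inspected, so <source>, <instance> and <variable-font>
    (designspace 5.0) are all covered without enumerating tag names.
    """
    base = os.path.realpath(base_dir)
    root = ET.fromstring(designspace_xml)
    findings = []
    for el in root.iter():
        fn = el.get("filename")
        if fn is None:
            continue
        # os.path.join discards base when fn is absolute, which is exactly
        # the case to flag; realpath collapses '..' and symlinks.
        target = os.path.realpath(os.path.join(base, fn))
        try:
            inside = os.path.commonpath([base, target]) == base
        except ValueError:  # different drives on Windows: not inside
            inside = False
        if not inside:
            findings.append((el.tag, fn))
    return findings


def preflight(designspace_xml, base_dir, version_text):
    """Run both checks; returns a list of human-readable findings."""
    findings = []
    if is_affected(version_text):
        findings.append("fontTools %s is in the affected range; update to 4.60.2+"
                        % version_text)
    for tag, fn in escaping_filenames(designspace_xml, base_dir):
        findings.append("<%s filename=%r> resolves outside %s" % (tag, fn, base_dir))
    return findings


# Constructed sample: one well-behaved source, one '..' traversal, one absolute path.
SAMPLE_DESIGNSPACE = """<?xml version="1.0" encoding="UTF-8"?>
<designspace format="5.0">
  <axes>
    <axis tag="wght" name="Weight" minimum="400" maximum="700" default="400"/>
  </axes>
  <sources>
    <source filename="masters/Demo-Regular.ufo" name="Regular">
      <location><dimension name="Weight" xvalue="400"/></location>
    </source>
    <source filename="../../elsewhere/Demo-Bold.ufo" name="Bold">
      <location><dimension name="Weight" xvalue="700"/></location>
    </source>
  </sources>
  <variable-fonts>
    <variable-font name="DemoVF" filename="/tmp/Demo-VF.ttf">
      <axis-subsets><axis-subset name="Weight"/></axis-subsets>
    </variable-font>
  </variable-fonts>
</designspace>
"""

if __name__ == "__main__":
    for line in preflight(SAMPLE_DESIGNSPACE, "/work/fonts", "4.60.1"):
        print("FINDING:", line)
```

Run against the sample with version 4.60.1 it reports three findings: the version is in the affected range, the Bold source escapes the designspace directory via "..", and the variable-font output path is absolute. The version check is the authoritative one; the path audit only narrows the blast radius of an unpatched build and will not catch a write that does not go through a filename attribute.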

Tags

Fix · RCE

Weakness Enumeration

Related Identifiers

CVE-2025-66034

Affected Products

Fonttools