PT-2025-48353 · Fonttools+3

Published: 2025-11-29 · Updated: 2026-03-22 · CVE-2025-66034

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: fontTools versions 4.33.0 through 4.60.1

Description: fontTools is a Python library used for manipulating fonts. A flaw exists in the fontTools.varLib script, specifically within the main() code path, which can lead to arbitrary file write and potential remote code execution when processing a malicious .designspace file. This issue impacts the fontTools.varLib command-line interface and any code that calls fontTools.varLib.main().

Recommendations: Update fontTools to version 4.60.2 or later.

Tags: Exploit · Fix · LPE · RCE

Weakness Enumeration

Related Identifiers

CVE-2025-66034
GHSA-768J-98CG-P3FV
OPENSUSE-SU-2026:10076-1
OPENSUSE-SU-2026:20119-1
SUSE-SU-2026:0199-1
SUSE-SU-2026:20184-1
USN-7917-1

Affected Products

Debian
Linuxmint
Ubuntu
Fonttools