An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability, which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
CVE ID: CVE-2025-20001
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vendor: High-Logic
Product: FontCreator
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 8.07% (share of scored vulnerabilities with an equal or lower score)
EPSS Date: 2025-06-08 (when this score was calculated)