CVE-2025-48708: gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript through 10.05.0 lacks argument sanitization for the # case.

2.9 CVSS

Description

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript through 10.05.0 lacks argument sanitization for the # case.

Classification

CVE ID: CVE-2025-48708

CVSS Base Severity: LOW

CVSS Base Score: 2.9

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

Affected Products

Vendor: Artifex

Product: Ghostscript

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.83% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-48708
https://bugs.ghostscript.com/show_bug.cgi?id=708446
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c623b4462f9e78686a31fd880207303ee

Timeline