Search for vulnerabilities
Vulnerability details: VCID-f1pt-6dxq-zfe7
Vulnerability ID VCID-f1pt-6dxq-zfe7
Aliases CVE-2025-48708
Summary gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
Status Published
Exploitability 0.5
Weighted Severity 3.0
Risk 1.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
System Score Found at
cvssv3 2.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48708.json
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-48708
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-48708
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-48708
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-48708
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-48708
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-48708
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-48708
cvssv3.1 4 https://bugs.ghostscript.com/show_bug.cgi?id=708446
ssvc Track https://bugs.ghostscript.com/show_bug.cgi?id=708446
cvssv3.1 4 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c623b4462f9e78686a31fd880207303ee
ssvc Track https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c623b4462f9e78686a31fd880207303ee
cvssv3.1 3.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.3 https://nvd.nist.gov/vuln/detail/CVE-2025-48708
archlinux Low https://security.archlinux.org/AVG-2883
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48708.json
https://api.first.org/data/v1/epss?cve=CVE-2025-48708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48708
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
http://www.openwall.com/lists/oss-security/2025/05/23/2
2368134 https://bugzilla.redhat.com/show_bug.cgi?id=2368134
ASA-202505-15 https://security.archlinux.org/ASA-202505-15
AVG-2883 https://security.archlinux.org/AVG-2883
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
CVE-2025-48708 https://nvd.nist.gov/vuln/detail/CVE-2025-48708
?id=b587663c623b4462f9e78686a31fd880207303ee https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c623b4462f9e78686a31fd880207303ee
show_bug.cgi?id=708446 https://bugs.ghostscript.com/show_bug.cgi?id=708446
USN-7623-1 https://usn.ubuntu.com/7623-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48708.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bugs.ghostscript.com/show_bug.cgi?id=708446
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T13:21:22Z/ Found at https://bugs.ghostscript.com/show_bug.cgi?id=708446
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c623b4462f9e78686a31fd880207303ee
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T13:21:22Z/ Found at https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c623b4462f9e78686a31fd880207303ee
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-48708
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.00227
EPSS Score 5e-05
Published At Aug. 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:55:28.886098+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7623-1/ 37.0.0