AI description
CVE-2025-27363 is a vulnerability in FreeType versions 2.13.0 and below. It occurs when parsing font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value. The result wraps around, so the heap buffer that gets allocated is too small. The code can then write up to 6 signed long integers out of bounds relative to the undersized buffer, which can potentially lead to arbitrary code execution. The vulnerability has been reported as possibly exploited in the wild.
- Description: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
- Source: cve-assign@fb.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 8.1
- Impact score: 5.9
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: FreeType Out-of-Bounds Write Vulnerability
- Exploit added on: May 6, 2025
- Exploit action due: May 27, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-787
- Hype score: Not currently trending
The last security update was in February of this year. A flaw was found and reported in March. @MotorolaBR 😕 * CVE-2025-27363 https://t.co/cYRnXj3ZjS
@jeiel_0rbit
12 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-27363
@transilienceai
12 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-27363: A zero-click RCE in FreeType exploited in the wild. Impacts Android, Linux, and major browsers. Discovered by Meta, patched by Google in May 2025. Update FreeType to v2.13.1+ immediately. #CVE202527363 #Android #FreeType #RCE #CyberSecurity https://t.co/2CqMiN1bUf
@stephan_fr9324
12 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-27363
@transilienceai
11 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#Android users: #Google just patched a serious zero-day (CVE-2025-27363) being actively exploited. Update your phone *immediately*. The bug lives in the FreeType library. https://t.co/5QgqlQYoZQ #zeroday
@top10vpn
11 May 2025
131 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-27363
@transilienceai
10 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google recently released the necessary patch and update for 57 vulnerabilities, the most important of which is an RCE-type vulnerability with the identifier CVE-2025-27363. گوشی های ان
@AmirHossein_sec
10 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👩🏻💻CVE-2025-27363 – Android System Component Exploit Severity: High (CVSS 8.1) A flaw in Android’s System component enables local code execution without needing additional privileges. Google reported targeted exploitation of this vulnerability. Reference: https:
@miss_redhat
10 May 2025
22 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-27363
@transilienceai
10 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google has released the May security update for Android, which includes fixes for 46 security vulnerabilities. One of these vulnerabilities, with the identifier CVE-2025-27363 (with a CVSS score
@cybernetic_cy
10 May 2025
151 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 At the beginning of May, Google released an Android update that fixes a number of vulnerabilities, including the serious zero-day CVE-2025-27363. The flaw in the FreeType rendering engine consisted of an out-of-bounds write and could lead to arbitrary code execution. Druhá p
@AlefSecurity
9 May 2025
79 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-27363
@transilienceai
9 May 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
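In March this year, the Facebook security team disclosed a major vulnerability, CVE-2025-27363, in the open-source font engine FreeType and said it may have been exploited. Google has now patched this vulnerability in its routine May Android update, noting that there are signs attackers have already used it in attacks. It is also worth mentioning that at the end of March Red H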
@cheng527
9 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-27363
@transilienceai
8 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google has released the May 2025 security updates for Android with fixes for 45 security flaws. Fixes include actively exploited zero-click FreeType 2 code execution vulnerability tracked as CVE-2025-27363, is a high-severity arbitrary code execution bug https://t.co/ujMQv6jVGl h
@riskigy
8 May 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Multiple vulnerabilities in Samsung products ❗CVE-2025-27363 ❗CVE-2025-20957 ❗CVE-2025-20963 ➡️More info: https://t.co/dTeyFqc44S https://t.co/I6LfGMUYd9
@CERTpy
8 May 2025
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has released a new security update for Android that addresses 46 security vulnerabilities, including a critical vulnerability that has actually been exploited (CVE-2025-27363)⚠️!! You are advised to update your devices immediately to stay secure. ه
@almutamayiz99_
8 May 2025
408 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢Google releases an update fixing vulnerability CVE-2025-27363 on Android after attacks were detected #ThaiCERT #NCSA #CybersecurityNew Follow the news at https://t.co/HCsLrrY
@ThaiCERTByNCSA
8 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Out of bounds write vulnerability in FreeType versions 2.13.0 and below (CVE-2025-27363) #CVE202527363 #CyberSecurity #FreeType #OutofBoundsWriteVulnerability https://t.co/1whSMRDlxG https://t.co/t8sTC5U8qD
@SystemTek_UK
8 May 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Androids May 2025 Update Tackles CVE-2025-27363 & More Langflow & MagicINFO Exploited, Kibana at Risk | 07-05-2025 Source: https://t.co/TvKLF2hmm7 Key details below ↓ 💀Threats: Mirai, 🎯Victims: Android, Langflow, Samsung magicinfo,
@rst_cloud
8 May 2025
61 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-27363
@transilienceai
8 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
FreeType zero-day vulnerability (CVE-2025-27363) fixed in Android's regular update #セキュリティ対策Lab #セキュリティ #Security https://t.co/aIzkUWMa8D
@securityLab_jp
7 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#TusksUp 🧵1/ URGENT: Android Zero-Day Exploited in the Wild Google just patched CVE-2025-27363 — a critical Android System flaw that's already being used by attackers. If you’re using an Android device, read this now. 👇
@byte_lock
7 May 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔐 Android Users: Critical Security Update Released Google has rolled out the May 2025 Android security update, addressing 47 vulnerabilities, including an actively exploited zero-day flaw (CVE-2025-27363). This update is crucial for protecting your device against potential ht
@Synergycorpp
7 May 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 One malicious font file could compromise your entire device and you’d never know Google just patched CVE-2025-27363 in its May 2025 Android security update. It’s a critical vulnerability already being exploited in the wild. https://t.co/mJfJQ7H5t8
@efani
7 May 2025
316 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-27363
@transilienceai
7 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google's May 2025 Android Security Bulletin patches 46 vulnerabilities, including the active exploit CVE-2025-27363, a local code execution flaw. Timely updates are crucial for device security. 🔒 #Android #SecurityUpdate #USA https://t.co/6s4tw6tI6N
@TweetThreatNews
7 May 2025
83 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited #FreeType flaw fixed in #Android (#CVE-2025-27363) https://t.co/GxDrbyrbq9
@ScyScan
7 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google fixes FreeType flaw that was being actively exploited in Android (CVE-2025-27363) https://t.co/rHkRyGTKHU #Security #セキュリティ #ニュース
@SecureShield_
7 May 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-27363 #FreeType Out-of-Bounds Write Vulnerability https://t.co/0l3MQxdjQn
@ScyScan
6 May 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Android Alert! Google patches CVE-2025-27363, a critical FreeType vulnerability actively exploited in the wild. 🔧 Found by Facebook 📱 Affects millions of Android devices ⚠️ Update to May 2025 patch now! 🔗https://t.co/hzla5CXtGV #Android #CVE202527363 #CyberSecur
@cybrhoodsentinl
6 May 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Update your Android NOW! 🚨 Google fixes vulnerability CVE-2025-27363, actively exploited, which allows code execution without interaction. 📱 Affects FreeType on Android 13-15. Install the May 2025 patch (level 2025-05-05) to protect yourself. #AndroidSecurity h
@GeosbanysC
6 May 2025
30 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added a FreeType out-of-bounds write vulnerability CVE-2025-27363 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/bJOgGeWmb8 & apply mitigations to protect your org from cyberattacks. https://t.co/2nABOzt2eB
@CISACyber
6 May 2025
5011 Impressions
15 Retweets
25 Likes
1 Bookmark
0 Replies
2 Quotes
SunsetHost Hacker News Report: Google Addresses Critical Android Vulnerability CVE-2025-27363 in May 2025 Security Update https://t.co/FDqXtU2Nrb https://t.co/mj3RFfmlvw
@DonELichterman
6 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Google just fixed a major Android flaw! CVE-2025-27363 lets hackers run code without your action. 📲 Update your Android now! #CyberSecurity #HoplonInfosec #AndroidSecurity #Google #CVE202527363 #Android https://t.co/1LUshMXgyQ
@HoplonInfosec
6 May 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Android Flaw Exploited in the Wild - Google Urges Users to Update ASAP Google just released its May 2025 Android security update, patching 46 vulnerabilities - including one that’s already being actively exploited. 📌 The critical flaw: - CVE-2025-27363 (CVSS 8.1) - F
@efani
6 May 2025
287 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Update ASAP: Google Fixes Android #flaw (#CVE-2025-27363) Exploited by Attackers https://t.co/tZOpn8MXDu
@AdliceSoftware
6 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update ASAP: Google fixes Android flaw (CVE-2025-27363) exploited by attackers https://t.co/liH7ZqIf3r
@sabatage
6 May 2025
278 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Google fixes critical vulnerability in #Android (CVE-2025-27363) 🚨 The flaw, already actively exploited, allows code execution without additional privileges or user interaction. 📲 Update your device now to protect yourself. 🔗 https://t.co/St9Whmv
@ojo_cibernetico
6 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Monthly security updates for Android ❗CVE-2025-27363 ➡️More info: https://t.co/YjS8fvFyDC https://t.co/8zw699BMsF
@CERTpy
6 May 2025
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A serious vulnerability targeting Android devices. CVE-2025-27363: a vulnerability in the system components that leads to local code execution without the need for additional execution privileges or the intervention of the
@mr_thamer
6 May 2025
2201 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
[Critical vulnerability CVE-2025-27363 in Android is actively exploited] Google has released a security update for Android, eliminating 46 vulnerabilities, including CVE-2025-27363, a critical bug in the System component that allows local code execution without additional https:
@NGT_Cybercrime
6 May 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📱 Google Fixes Android Zero-Day Exploited in the Wild One of 46 flaws patched in May, CVE-2025-27363 lets hackers run code on your device—no clicks needed. Update now. https://t.co/BHhNo80Yl8 #Android #ZeroDay https://t.co/ex1E5QYatf
@dCypherIO
6 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-27363
@transilienceai
6 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google fixed actively exploited Android flaw CVE-2025-27363 https://t.co/sSefruFSNN
@Dinosn
6 May 2025
2009 Impressions
4 Retweets
9 Likes
4 Bookmarks
0 Replies
0 Quotes
📱 Google patches a critical Android zero-day (CVE-2025-27363) in May’s update—an exploit in FreeType used in the wild since March. Update ASAP! #AndroidSecurity #ZeroDay #Google #CyberSecurity #TechNews https://t.co/yryeBpaGBl
@geniuspulse360
6 May 2025
53 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google fixed actively exploited Android flaw CVE-2025-27363 https://t.co/bhxsvmQjFf #TechNews #CyberSecurity #ThreatIntel
@EnRouteIT
6 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 NEWS: @Google rolled out a new security update for Android devices on Monday, which patched around 50 vulnerabilities, including the exploited CVE-2025-27363 piece of code. https://t.co/gRsDSBJiHX
@hack_snacks
6 May 2025
28 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Android Update Patches Actively Exploited Vulnerability Google's latest Android security update addresses 46 flaws, including a critical zero-click vulnerability (CVE-2025-27363) being actively exploited. https://t.co/meAAhkH269
@the_yellow_fall
6 May 2025
455 Impressions
4 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
My #tuesdayvibe for t'internet defenders. By me @Forbes: what you need to know about CVE-2025-27363. #infosec https://t.co/OU7xyxPZIR
@happygeek
6 May 2025
161 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47088474-E5B5-4220-8F12-D664F2DED5C1",
            "versionEndIncluding": "2.13.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]