CVE-2025-48708: CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer in Artifex Ghostscript
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
AI Analysis
Technical Summary
CVE-2025-48708 is a medium-severity vulnerability identified in Artifex Ghostscript, a widely used interpreter for PostScript and PDF files. The vulnerability arises from improper sanitization of arguments in the function gs_lib_ctx_stash_sanitized_arg located in base/gslibctx.c prior to version 10.05.1. Specifically, the function fails to sanitize the '#' character in arguments, which leads to sensitive information, such as passwords, being included in cleartext within generated PDF documents. This issue is classified under CWE-212, which pertains to the improper removal of sensitive information before storage or transfer. The vulnerability does not require user interaction or privileges to exploit but does require local access (AV:L) to the system where Ghostscript is running. The CVSS v3.1 base score is 4.0, indicating a medium severity level, with confidentiality impact limited to partial disclosure of sensitive data, no impact on integrity or availability, and low attack complexity. No known exploits are currently reported in the wild, and no patches have been linked yet. The flaw essentially risks leaking passwords embedded in PDFs, potentially exposing sensitive credentials if the PDFs are shared or intercepted.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to confidentiality. Organizations that use Ghostscript for PDF generation or processing, especially those embedding passwords or sensitive data in PDFs, could inadvertently expose these secrets in cleartext. This could lead to unauthorized access if attackers obtain these documents, undermining data protection and privacy obligations under regulations like GDPR. The impact is particularly relevant for sectors handling sensitive or regulated data, such as finance, healthcare, legal, and government agencies. Although the vulnerability does not affect integrity or availability, the exposure of passwords could facilitate further attacks or unauthorized access to protected documents or systems. Since exploitation requires local access, the threat is more significant in environments where multiple users share systems or where attackers have gained initial footholds. The lack of user interaction and low attack complexity means that once local access is achieved, exploitation is straightforward. The absence of known exploits in the wild reduces immediate risk but does not eliminate the need for prompt mitigation.
Mitigation Recommendations
European organizations should take the following specific actions: 1) Immediately audit the use of Ghostscript in their environments to identify versions prior to 10.05.1. 2) Avoid embedding passwords or sensitive information directly in PDFs generated or processed by Ghostscript until a patch is available. 3) Implement strict access controls and monitoring on systems running Ghostscript to prevent unauthorized local access, including limiting user privileges and employing endpoint detection and response (EDR) solutions. 4) Use encryption and secure channels for PDF distribution to mitigate the risk of interception. 5) Monitor vendor communications closely for the release of a security patch and plan for rapid deployment. 6) Consider alternative PDF processing tools that do not exhibit this vulnerability if immediate patching is not feasible. 7) Review internal policies regarding password handling in documents to minimize exposure risk. These measures go beyond generic advice by focusing on operational controls, secure handling practices, and proactive monitoring tailored to the vulnerability's characteristics.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
CVE-2025-48708: CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer in Artifex Ghostscript
Description
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
AI-Powered Analysis
Technical Analysis
CVE-2025-48708 is a medium-severity vulnerability identified in Artifex Ghostscript, a widely used interpreter for PostScript and PDF files. The vulnerability arises from improper sanitization of arguments in the function gs_lib_ctx_stash_sanitized_arg located in base/gslibctx.c prior to version 10.05.1. Specifically, the function fails to sanitize the '#' character in arguments, which leads to sensitive information, such as passwords, being included in cleartext within generated PDF documents. This issue is classified under CWE-212, which pertains to the improper removal of sensitive information before storage or transfer. The vulnerability does not require user interaction or privileges to exploit but does require local access (AV:L) to the system where Ghostscript is running. The CVSS v3.1 base score is 4.0, indicating a medium severity level, with confidentiality impact limited to partial disclosure of sensitive data, no impact on integrity or availability, and low attack complexity. No known exploits are currently reported in the wild, and no patches have been linked yet. The flaw essentially risks leaking passwords embedded in PDFs, potentially exposing sensitive credentials if the PDFs are shared or intercepted.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to confidentiality. Organizations that use Ghostscript for PDF generation or processing, especially those embedding passwords or sensitive data in PDFs, could inadvertently expose these secrets in cleartext. This could lead to unauthorized access if attackers obtain these documents, undermining data protection and privacy obligations under regulations like GDPR. The impact is particularly relevant for sectors handling sensitive or regulated data, such as finance, healthcare, legal, and government agencies. Although the vulnerability does not affect integrity or availability, the exposure of passwords could facilitate further attacks or unauthorized access to protected documents or systems. Since exploitation requires local access, the threat is more significant in environments where multiple users share systems or where attackers have gained initial footholds. The lack of user interaction and low attack complexity means that once local access is achieved, exploitation is straightforward. The absence of known exploits in the wild reduces immediate risk but does not eliminate the need for prompt mitigation.
Mitigation Recommendations
European organizations should take the following specific actions: 1) Immediately audit the use of Ghostscript in their environments to identify versions prior to 10.05.1. 2) Avoid embedding passwords or sensitive information directly in PDFs generated or processed by Ghostscript until a patch is available. 3) Implement strict access controls and monitoring on systems running Ghostscript to prevent unauthorized local access, including limiting user privileges and employing endpoint detection and response (EDR) solutions. 4) Use encryption and secure channels for PDF distribution to mitigate the risk of interception. 5) Monitor vendor communications closely for the release of a security patch and plan for rapid deployment. 6) Consider alternative PDF processing tools that do not exhibit this vulnerability if immediate patching is not feasible. 7) Review internal policies regarding password handling in documents to minimize exposure risk. These measures go beyond generic advice by focusing on operational controls, secure handling practices, and proactive monitoring tailored to the vulnerability's characteristics.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2025-05-23T00:00:00.000Z
- Cisa Enriched
- false
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682ff7ee0acd01a249270dc0
Added to database: 5/23/2025, 4:22:06 AM
Last enriched: 7/8/2025, 4:11:25 AM
Last updated: 8/9/2025, 2:23:28 AM
Views: 22
Related Threats
CVE-2025-8878: CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
MediumCVE-2025-8143: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
MediumCVE-2025-8142: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
HighCVE-2025-8105: CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad
HighCVE-2025-8719: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in reubenthiessen Translate This gTranslate Shortcode
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.