CVE-2025-15269

FontForge · FontForge Multiple Products

A high-severity vulnerability has been discovered in multiple FontForge products, identified as CVE-2025-15269.

Executive summary

A high-severity vulnerability has been discovered in multiple FontForge products, identified as CVE-2025-15269. This flaw allows an attacker to take complete control of a user's computer by tricking them into opening a specially crafted font file. Due to the potential for remote code execution, this vulnerability poses a significant risk of data theft, malware installation, and further network compromise.

Vulnerability

This is a Use-After-Free vulnerability in the file-parsing component of FontForge that handles Spline Font Database (SFD) files. An attacker can craft a malicious SFD file that causes the parser to free a memory object and then continue using it. When the application dereferences that already-freed memory, the attacker can exploit the condition to corrupt memory and execute arbitrary code on the victim's system with the privileges of the user running FontForge.

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could lead to a complete system compromise, allowing an attacker to execute arbitrary code remotely. The potential consequences include theft of sensitive data and intellectual property (such as proprietary font designs), installation of persistent malware like ransomware or spyware, and using the compromised machine as a pivot point to launch further attacks against the internal network. This poses a direct risk to data confidentiality, integrity, and system availability.

Remediation

Immediate Action: Apply the security patches released by FontForge to all affected systems immediately, prioritizing any internet-facing systems or workstations that handle files from external sources. Following patching, monitor systems for any signs of exploitation attempts by reviewing application and system logs for unusual activity related to FontForge processes.

Proactive Monitoring: Security teams should monitor for application crashes related to the FontForge executable, as these could indicate failed exploitation attempts. Watch for suspicious child processes being spawned by FontForge (e.g., cmd.exe or powershell.exe), since a font editor has no legitimate reason to launch a shell. Monitor network traffic for unusual outbound connections from workstations running FontForge, and from the FontForge process itself.
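As an added illustration of the monitoring guidance above (example code written for this page, not FontForge's or any vendor's tooling), the following Python scans constructed JSON-lines process and network telemetry and flags FontForge spawning a shell or interpreter, spawning a child outside a small allowlist, or making an outbound connection; the field names, paths, allowlist and the 203.0.113.5 address are all assumptions. It also covers the Linux fontforge binary spawning /bin/sh, which the paragraph does not name.

```python
import json

# Constructed telemetry in JSON-lines form (assumption: field names are ours,
# not a real Sysmon/EDR schema; paths and 203.0.113.5 are illustrative).
SAMPLE_EVENTS = r"""
{"type": "process_create", "parent_image": "C:\\Tools\\FontForge\\bin\\fontforge.exe", "image": "C:\\Windows\\System32\\cmd.exe"}
{"type": "process_create", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Tools\\FontForge\\bin\\fontforge.exe"}
{"type": "process_create", "parent_image": "C:\\Tools\\FontForge\\bin\\fontforge.exe", "image": "C:\\Tools\\FontForge\\bin\\potrace.exe"}
{"type": "process_create", "parent_image": "C:\\Tools\\FontForge\\bin\\fontforge.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"type": "process_create", "parent_image": "/usr/bin/fontforge", "image": "/bin/sh"}
{"type": "network_connect", "image": "C:\\Tools\\FontForge\\bin\\fontforge.exe", "dest_ip": "203.0.113.5", "dest_port": 443}
{"type": "network_connect", "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "dest_ip": "203.0.113.5", "dest_port": 443}
"""

# Shells/interpreters that a font editor has no reason to launch.
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "sh", "bash"}
# Helpers FontForge may legitimately launch (assumption: tune to your deployment).
ALLOWED_CHILDREN = {"potrace.exe", "autotrace.exe", "potrace", "autotrace"}
FONTFORGE_NAMES = {"fontforge.exe", "fontforge"}


def basename(path):
    """Case-insensitive final path component; accepts Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event):
    """Return an alert string for a suspicious event, or None for benign telemetry."""
    kind = event["type"]
    if kind == "process_create" and basename(event["parent_image"]) in FONTFORGE_NAMES:
        child = basename(event["image"])
        if child in SHELL_CHILDREN:
            return f"HIGH: FontForge spawned shell/interpreter {child}"
        if child not in ALLOWED_CHILDREN:
            return f"MEDIUM: FontForge spawned unexpected child {child}"
    if kind == "network_connect" and basename(event["image"]) in FONTFORGE_NAMES:
        return f"MEDIUM: FontForge outbound connection to {event['dest_ip']}:{event['dest_port']}"
    return None


def scan(jsonl):
    """Run classify() over every JSON line and collect the alerts in input order."""
    alerts = []
    for line in jsonl.strip().splitlines():
        alert = classify(json.loads(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    print("\n".join(scan(SAMPLE_EVENTS)))
```

Feeding real EDR or Sysmon process-creation and network events into scan() requires only mapping their field names onto the three keys used here.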

Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:

  • Use application control solutions (like AppLocker) to prevent FontForge from creating child processes.
  • Run FontForge in a sandboxed or virtualized environment to contain any potential exploitation.
  • Enforce a strict policy of only opening SFD files from trusted and verified sources.
  • Utilize network and endpoint security solutions to detect and block anomalous behavior associated with this vulnerability.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score of 8.8 and the potential for remote code execution, this vulnerability requires immediate attention. The primary recommendation is to apply the vendor-supplied patches across all affected assets without delay. Organizations should prioritize patching workstations used by designers or other personnel who are likely to receive and open SFD files from external parties. While the vulnerability is not yet listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity warrants treating it with urgency to prevent future exploitation.