Meta has disclosed a high-severity vulnerability in the FreeType font rendering library that may already have been exploited in the wild. The flaw, tracked as CVE-2025-27363 (CVSS 8.1), is an out-of-bounds write reachable while parsing TrueType GX and variable font files, and a crafted font can turn it into remote code execution. FreeType 2.13.0 and earlier are affected. The fix had already been released upstream roughly two years before the advisory, but at the time of disclosure several Linux distributions still shipped unpatched packages, including Ubuntu 22.04, Debian, Amazon Linux 2, Alpine Linux, RHEL and CentOS. Meta urges updating to FreeType 2.13.3 to close the hole.
TPRM report: https://scoringcyber.rankiteo.com/company/meta
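Because the affected range is defined by upstream version (2.13.0 and below) but the listed distributions ship their own package versions, the practical question is "what does this host actually have installed?". The script below is an added triage helper, not part of the Rankiteo report or of Meta's advisory. It queries whichever package manager is present (dpkg, rpm or apk, covering the Debian/Ubuntu, RHEL/CentOS/Amazon Linux and Alpine families named above), strips packaging noise from the version string, and flags anything at or below 2.13.0. The 2.13.0 threshold and the package names libfreetype6 / freetype are assumptions taken from the advisory text and the distributions' usual naming.

```shell
#!/bin/sh
# Added example, not code from Meta or from the Rankiteo report.
# Assumption: CVE-2025-27363 affects upstream FreeType <= 2.13.0 (advisory text).

# Compare two dotted version strings numerically, component by component.
# Echoes lt, eq or gt. Packaging suffixes ("0-r0", "1+dfsg-1ubuntu0") are
# reduced to their leading digits by awk's string-to-number conversion.
vercmp() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        NR == 1 { n = split($0, a, "."); next }
        NR == 2 {
            m = split($0, b, ".")
            k = (n > m) ? n : m
            for (i = 1; i <= k; i++) {
                x = a[i] + 0; y = b[i] + 0
                if (x < y) { print "lt"; exit }
                if (x > y) { print "gt"; exit }
            }
            print "eq"
        }'
}

# Returns 0 (true) when the given upstream version is <= 2.13.0.
freetype_affected() {
    case "$(vercmp "$1" 2.13.0)" in
        lt|eq) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print the installed FreeType version using the host's package manager.
# Prints nothing if no known package manager reports the package.
installed_freetype_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}\n' libfreetype6 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}\n' freetype 2>/dev/null
    elif command -v apk >/dev/null 2>&1; then
        apk list --installed freetype 2>/dev/null | sed -n 's/^freetype-\([^ ]*\).*/\1/p'
    fi | head -n1 | sed 's/^[0-9]*://'   # drop a dpkg epoch such as "1:"
}

# Exit 0 if affected, 1 if not, 2 if FreeType could not be located.
check_host() {
    v=$(installed_freetype_version)
    if [ -z "$v" ]; then
        echo "FreeType not found via dpkg/rpm/apk; check vendored copies (browsers, Java, etc.)"
        return 2
    fi
    if freetype_affected "$v"; then
        echo "FreeType $v: upstream version <= 2.13.0, affected unless the distribution backported the fix"
        return 0
    fi
    echo "FreeType $v: upstream version > 2.13.0, not affected by CVE-2025-27363"
    return 1
}

# Run with --check to inspect the current host.
case "${1:-}" in
    --check) check_host ;;
esac
```

Run it as `sh freetype_check.sh --check` on each host. One caveat a practitioner should keep in mind: Debian, Ubuntu and RHEL routinely backport security fixes without bumping the upstream version, so a package reporting 2.11.1 or 2.10.4 may in fact be patched. Treat a hit from this script as "needs confirmation against the distribution's security advisory and package changelog", not as proof of exposure; likewise, applications that bundle their own FreeType are invisible to the package manager and must be checked separately.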
{
  "id": "met547032025",
  "linkid": "meta",
  "type": "Vulnerability",
  "date": "3/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{
  "title": "High-Severity Vulnerability in FreeType Font Rendering Library",
  "type": "Vulnerability Exploitation",
  "vulnerability_exploited": "CVE-2025-27363",
  "attack_vector": "Remote Code Execution",
  "affected_entities": [
    {"industry": "Technology", "type": "Operating System Distributions"}
  ],
  "description": "Meta detected a high-severity security vulnerability in the FreeType font rendering library that has likely been exploited. The flaw, tracked as CVE-2025-27363 with a CVSS score of 8.1, enables remote code execution through manipulated TrueType GX and variable fonts. Versions up to 2.13.0 are affected, with the risk extending to various Linux distributions. Although a patch was issued two years prior, it remains unapplied in systems like Ubuntu 22.04, Debian, Amazon Linux 2, Alpine Linux, RHEL, and CentOS. Meta urges immediate updates to FreeType 2.13.3 to prevent further exploitation of this vulnerability.",
  "impact": {
    "systems_affected": ["Ubuntu 22.04", "Debian", "Amazon Linux 2", "Alpine Linux", "RHEL", "CentOS"]
  },
  "recommendations": ["Update to FreeType 2.13.3"],
  "response": {
    "remediation_measures": ["Update to FreeType 2.13.3"]
  }
}