
FreeType Zero-Day Being Exploited in the Wild


Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library. 

Meta’s Facebook security team has raised an alarm after spotting live exploitation of a zero-day vulnerability in the widely used FreeType software development library. 

In a barebones advisory, Facebook warned that the security defect was found in FreeType versions 2.13.0 and below and provides a pathway for arbitrary code execution attacks.

“This vulnerability may have been exploited in the wild,” Facebook said, without providing any details on the reported attacks. The bug has been tagged as CVE-2025-27363 and carries a CVSS severity score of 8.1 out of 10.

The full Facebook bulletin:

“An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files.

The vulnerable code assigns a signed short ...


Copyright of this story solely belongs to SecurityWeek.