Vulnerability Database

309,614

Total vulnerabilities in the database

CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.

Published: Nov 29, 2025
Updated: Nov 30, 2025
CVE: CVE-2025-66034
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.3
AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L

CWEs:

CWE-91

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo