CVE-2025-66034 | fontTools up to 4.60.1 fontTools.varLib.main xml injection (GHSA-768j-98cg-p3fv)
A vulnerability classified as critical has been found in fontTools up to 4.60.1. It affects the function fontTools.varLib.main. Manipulation of its input results in XML injection.
This vulnerability is cataloged as CVE-2025-66034. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.