https://www.cve.org/CVERecord?id=CVE-2025-48708 was published today with this description:
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. The bug report at https://bugs.ghostscript.com/show_bug.cgi?id=708446 says: When generating a password-protected PDF using the latest version of the tool on Windows 10, I noticed that the full command-line input, including the plaintext password, is embedded at the beginning of the generated PDF file. This allows anyone with access to the PDF to retrieve the password simply by running a command like "type" (Windows) or "cat" (Linux/macOS) on the file. The fix included in the 10.05.1 release appears to be: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?h=gs10.05.1&id=5b5968c306b3e35cdeec83bb15026fd74a7334de -- -Alan Coopersmith- alan.coopersm...@oracle.com Oracle Solaris Engineering - https://blogs.oracle.com/solaris