CVE-2025-1052
Published: 11 February 2025
Summary
CVE-2025-1052 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in the Mintty terminal emulator (vendor listed as Mintty Project). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked in the top 18.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
Mintty contains a heap-based buffer overflow vulnerability in its sixel image parsing code that can lead to remote code execution. The flaw, tracked as ZDI-CAN-23382, stems from insufficient validation of the length of attacker-supplied data before it is copied into a heap buffer, allowing an out-of-bounds write. Affected installations are those of the Mintty terminal emulator; the issue is rated CVSS 8.8 with network attack vector and requires user interaction.
An unauthenticated remote attacker can exploit the vulnerability by persuading a target to visit a malicious web page or open a malicious file containing a crafted sixel image. Successful exploitation grants arbitrary code execution in the context of the current user, with impacts covering confidentiality, integrity, and availability.
The Zero Day Initiative advisory ZDI-25-084 addresses the issue and is the primary public reference for affected Mintty versions and remediation steps. The EPSS score rose from a low baseline to a peak of 0.0405, indicating that exploitation interest increased after disclosure and that the vulnerability merits renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1979
Vulnerability details
Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of sixel images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23382.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A buffer overflow in a client-side image parser enables remote code execution via a malicious file or web content (T1203, Exploitation for Client Execution); the attack requires user interaction to open the file or visit the page (T1204.002 Malicious File, T1189 Drive-by Compromise).
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): timely patching or updating of Mintty directly eliminates the heap-based buffer overflow in sixel image parsing.
SI-16 (Memory Protection): mechanisms such as ASLR, DEP and heap hardening prevent a successful heap buffer overflow in Mintty from being turned into arbitrary code execution.
SI-10 (Information Input Validation): checking the length of user-supplied sixel image data before copying it into a heap buffer mitigates the root cause of the overflow.
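The root cause described above (an attacker-controlled length copied into a heap buffer without validation) and the SI-10 control map to one concrete check in a decoder. The following is an added, hypothetical illustration written for this page, not Mintty's code and not the actual flawed routine: it expands a sixel repeat introducer ("!<count><char>") into a row buffer, rejecting counts that overflow `size_t` and runs that would not fit in the remaining room. The `sixel_row` type and `sixel_apply_repeat` function are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical decoder state (constructed for this example): a row of
 * `width` sixel columns, each byte holding the 6 pixel bits of one column. */
typedef struct {
    uint8_t *cols;   /* destination buffer of `width` bytes */
    size_t   width;  /* capacity in columns */
    size_t   pos;    /* next column to write; invariant: pos <= width */
} sixel_row;

/* Parse one sixel repeat introducer "!<count><char>" from in[0..len) and
 * expand it into the row. Returns the number of input bytes consumed, or 0
 * if the sequence is malformed, the count overflows, or the run would not
 * fit in the remaining room of the row (the CWE-122 condition). */
size_t sixel_apply_repeat(sixel_row *row, const char *in, size_t len)
{
    if (len < 3 || in[0] != '!')
        return 0;
    size_t i = 1, count = 0;
    /* Decimal repeat count; refuse any digit that would overflow size_t,
     * so a huge count cannot wrap around and pass the room check below. */
    while (i < len && in[i] >= '0' && in[i] <= '9') {
        unsigned d = (unsigned)(in[i] - '0');
        if (count > (SIZE_MAX - d) / 10)
            return 0;
        count = count * 10 + d;
        i++;
    }
    if (i == 1 || i >= len)
        return 0;                      /* no digits, or no data character */
    char ch = in[i];
    if (ch < '?' || ch > '~')
        return 0;                      /* sixel data characters are '?'..'~' */
    /* Length validation before the copy: without this check an
     * attacker-chosen count becomes an out-of-bounds write past the row. */
    if (count > row->width - row->pos)
        return 0;
    memset(row->cols + row->pos, (uint8_t)(ch - '?'), count);
    row->pos += count;
    return i + 1;
}
```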