Cyber Resilience

CVE-2025-1052

High

Published: 11 February 2025

Modified: 18 February 2025
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0154 (81.8th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1052 is a high-severity heap-based buffer overflow (CWE-122) vulnerability in Mintty (vendor: Mintty Project). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks in the top 18.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

Mintty contains a heap-based buffer overflow vulnerability in its sixel image parsing code that can lead to remote code execution. The flaw, tracked as ZDI-CAN-23382, stems from insufficient validation of the length of attacker-supplied data before it is copied into a heap buffer, allowing an out-of-bounds write. Affected installations are those of the Mintty terminal emulator; the issue is rated CVSS 8.8, has a network attack vector, and requires user interaction.

An unauthenticated remote attacker can exploit the vulnerability by persuading a target to visit a malicious web page or open a malicious file containing a crafted sixel image. Successful exploitation grants arbitrary code execution in the context of the current user, with impacts covering confidentiality, integrity, and availability.

The Zero Day Initiative advisory ZDI-25-084 addresses the issue and is the primary public reference for affected Mintty versions and remediation steps. The EPSS score rose from a low baseline to a peak of 0.0405, indicating that exploitation interest increased after disclosure and that the vulnerability merits renewed attention.

Vulnerability details

Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of sixel images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23382.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1189 Drive-by Compromise (Initial Access)
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.

T1203 Exploitation for Client Execution (Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 Malicious File (Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

A buffer overflow in a client-side image parser enables RCE via malicious file or web content (T1203 Exploitation for Client Execution), and exploitation requires user interaction to open a file or visit a page (T1204.002, T1189).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3913: shared CWE-122, CWE-787
CVE-2026-4673: shared CWE-122, CWE-787
CVE-2026-6305: shared CWE-122, CWE-787
CVE-2026-21283: shared CWE-122, CWE-787
CVE-2026-21277: shared CWE-122, CWE-787
CVE-2025-1429: shared CWE-122, CWE-787
CVE-2025-24453: shared CWE-122, CWE-787
CVE-2026-21281: shared CWE-122, CWE-787
CVE-2025-21139: shared CWE-122, CWE-787
CVE-2025-27171: shared CWE-122, CWE-787

Affected Assets

Vendor: mintty project
Product: mintty
Affected versions: ≤ 3.7.5

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Timely flaw remediation through patching or updating Mintty directly eliminates the heap-based buffer overflow in sixel image parsing.

Prevent: Memory protection mechanisms such as ASLR, DEP, and heap hardening make it harder to turn a successful heap buffer overflow in Mintty into arbitrary code execution.

Prevent: Information input validation ensures that the length of user-supplied sixel image data is checked before it is copied to heap buffers, mitigating the root cause of the overflow.
