Cyber Posture

CVE-2025-27598

Severity: High · Public PoC

Published: 06 March 2025
Modified: 24 March 2025
KEV Added: not listed
Patch: available (v3.1.7 / v2.1.10)
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0035 (57.6th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27598 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in SixLabors ImageSharp. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 42.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires timely identification, reporting, and patching of flaws in third-party software components like the vulnerable ImageSharp GIF decoder.

prevent: Mandates validation of information inputs such as GIF images prior to processing by the decoder to block specially crafted files triggering the out-of-bounds write.

prevent: Implements memory protections like address space randomization and guard pages that mitigate out-of-bounds writes and limit crash impacts from the GIF decoder vulnerability.

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The out-of-bounds write vulnerability in the GIF decoder directly enables remote exploitation causing application crash and denial of service, mapping to application or system exploitation under endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.

Deeper analysis

CVE-2025-27598 is an Out-of-bounds Write vulnerability (CWE-787) in the GIF decoder component of ImageSharp, a 2D graphics API. Processing a specially crafted GIF image causes the decoder to perform an out-of-bounds write. The vulnerability was published on 2025-03-06 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Remote attackers require no privileges or user interaction to exploit the vulnerability over the network with low attack complexity. Successful exploitation causes a crash in applications using the affected ImageSharp GIF decoder, potentially resulting in denial of service.

The issue has been patched in ImageSharp versions 3.1.7 and 2.1.10, with users advised to upgrade immediately. Details are available in the GitHub security advisory (GHSA-2cmq-823j-5qj8), issue tracker (#2859), and pull request (#2890).

Details

CWE(s): CWE-787 (Out-of-bounds Write)

Affected Products

sixlabors / imagesharp: ≤ 2.1.10 · 3.0.0 — 3.1.7

CVEs Like This One

CVE-2026-6069 (shared CWE-787)
CVE-2025-25372 (shared CWE-787)
CVE-2024-7695 (shared CWE-787)
CVE-2025-24139 (shared CWE-787)
CVE-2025-13151 (shared CWE-787)
CVE-2025-24326 (shared CWE-787)
CVE-2026-29775 (shared CWE-787)
CVE-2026-41989 (shared CWE-787)
CVE-2026-24827 (shared CWE-787)
CVE-2026-27853 (shared CWE-787)

References