CVE-2025-2761

High

Published: 23 April 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0056 (68.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2761 is a high-severity out-of-bounds write (CWE-787) vulnerability in GIMP. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 31.3% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2025-2761 is an out-of-bounds write vulnerability in the FLI file parser within GIMP that can lead to remote code execution. The flaw stems from insufficient validation of user-supplied data during FLI parsing, allowing a write past the end of an allocated buffer. It affects GIMP installations and carries a CVSS 7.8 score reflecting high impact on confidentiality, integrity, and availability when successfully exploited.

An unauthenticated remote attacker can trigger the issue by convincing a target to open a malicious FLI file or visit a page hosting one. Successful exploitation grants arbitrary code execution in the context of the GIMP process. No special privileges are required beyond the user interaction needed to load the crafted file.

The referenced Zero Day Initiative advisory ZDI-25-204 and the Debian LTS announcement detail the issue as ZDI-CAN-25100 and indicate that updates addressing the parsing flaw are available or in preparation for supported distributions.

EPSS for the CVE rose from a low baseline to a peak of 0.0150, indicating emerging exploitation interest after disclosure.

EU & UK References

Vulnerability details

GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: gimp | Product: gimp | Version: 2.10.38

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References