CVE-2025-46407
Published: 25 August 2025
Summary
CVE-2025-46407 is a high-severity Integer Overflow to Buffer Overflow (CWE-680) vulnerability in Sail Sail. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 37.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and patching of the integer overflow flaw in SAIL library's BMPv3 palette decoding to eliminate the vulnerability.
Implements memory protection mechanisms such as DEP, ASLR, and heap guards to prevent exploitation of the heap-based buffer overflow for remote code execution.
Mandates validation of untrusted BMP image inputs to reject specially crafted files that trigger the integer overflow during palette reading.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables RCE via processing of a malicious BMP image file, directly mapping to client-side exploitation and user execution of malicious files.
NVD Description
A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to…
more
overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Deeper analysisAI
A memory corruption vulnerability, designated CVE-2025-46407, affects the BMPv3 Palette Decoding functionality in the SAIL Image Decoding Library version 0.9.8. The issue arises when loading a specially crafted BMP file, triggering an integer overflow that leads to a heap-based buffer overflow during palette reading. This flaw, classified under CWE-680 (Integer Overflow to Buffer Overflow), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), highlighting its high severity due to potential for significant impact.
Exploitation requires an attacker to convince a user or application to load a malicious BMP file using the vulnerable library, typically through social engineering such as emailing or hosting a rigged image. No privileges are needed (PR:N), and it can be triggered over a network (AV:N) with low complexity (AC:L), though user interaction (UI:R) is required. Successful exploitation enables remote code execution, granting attackers high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) within the context of the affected process.
The primary advisory is detailed in the Talos Intelligence report TALOS-2025-2215, available at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215. Security practitioners should consult this reference for recommended mitigations, such as updating to a patched version of the library if available or avoiding untrusted BMP files in applications leveraging SAIL.
Details
- CWE(s)