CVE-2025-53085
Published: 25 August 2025
Summary
CVE-2025-53085 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Sail Sail. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 40.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely flaw remediation, directly addressing the buffer overflow vulnerability by patching the SAIL library to prevent exploitation via malicious PSD files.
SI-16 implements memory protections such as ASLR and DEP that mitigate heap-based buffer overflows and prevent remote code execution even if the flaw is unpatched.
SI-10 enforces input validation on PSD files before decoding, reducing the risk of processing specially crafted images that trigger the heap overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow in PSD decoder enables client-side RCE via malicious file requiring user interaction.
NVD Description
A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code…
more
execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Deeper analysisAI
CVE-2025-53085 is a memory corruption vulnerability in the PSD RLE Decoding functionality of the SAIL Image Decoding Library version 0.9.8. The issue arises during decompression of image data from a specially crafted .psd file, triggering a heap-based buffer overflow (CWE-122) that can enable remote code execution. Published on 2025-08-25, it affects applications or systems that incorporate this library for handling PSD files.
Attackers can exploit this vulnerability over a network with low complexity and no required privileges, though user interaction is necessary to convince a victim to process the malicious .psd file. Successful exploitation grants high-impact confidentiality, integrity, and availability effects (CVSS v3.1 base score: 8.8; AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), allowing arbitrary code execution in the context of the affected application.
The primary advisory from Talos Intelligence (TALOS-2025-2219) provides further technical details at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2219. No specific patches or mitigations are detailed in the available information.
Details
- CWE(s)