CVE-2025-53101
Published: 14 July 2025
Summary
CVE-2025-53101 is a high-severity Buffer Underflow (CWE-124) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-53101 is a stack overflow vulnerability (CWE-124) in ImageMagick, a free and open-source software suite for editing and manipulating digital images. It affects versions prior to 7.1.2-0 and 6.9.13-26, specifically in the `magick mogrify` command. The flaw occurs when multiple consecutive `%d` format specifiers are provided in a filename template, causing internal pointer arithmetic to generate an address below the beginning of the stack buffer and triggering a stack overflow via `vsnprintf()`.
The vulnerability carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating it can be exploited remotely over the network by unauthenticated attackers with no privileges required and no user interaction needed, though it demands high attack complexity. Exploitation allows attackers to severely impact system integrity and availability, such as through denial of service or corruption of image processing operations, without affecting confidentiality.
Mitigation is addressed by upgrading to ImageMagick versions 7.1.2-0 or 6.9.13-26, which include the fixing commit at https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774. Official advisories provide further details, including the GitHub security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 and a Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21389
Vulnerability details
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to…
more
generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote network-exploitable stack overflow in ImageMagick (public-facing image processing) directly enables T1190 for integrity/availability impact via crafted filename templates.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mandates identification, reporting, and correction of flaws such as this ImageMagick stack overflow via timely patching to versions 7.1.2-0 or 6.9.13-26.
Implements memory protection mechanisms like stack canaries, ASLR, and DEP that directly mitigate exploitation of stack overflows triggered by malformed filename templates.
Requires validation of inputs like filename templates to block those with multiple consecutive %d specifiers before they reach the vulnerable magick mogrify command.