Cyber Resilience

CVE-2025-53101

HighPublic PoC

Published: 14 July 2025

Published
14 July 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0035 57.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-53101 is a high-severity Buffer Underflow (CWE-124) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-53101 is a stack overflow vulnerability (CWE-124) in ImageMagick, a free and open-source software suite for editing and manipulating digital images. It affects versions prior to 7.1.2-0 and 6.9.13-26, specifically in the `magick mogrify` command. The flaw occurs when multiple consecutive `%d` format specifiers are provided in a filename template, causing internal pointer arithmetic to generate an address below the beginning of the stack buffer and triggering a stack overflow via `vsnprintf()`.

The vulnerability carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating it can be exploited remotely over the network by unauthenticated attackers with no privileges required and no user interaction needed, though it demands high attack complexity. Exploitation allows attackers to severely impact system integrity and availability, such as through denial of service or corruption of image processing operations, without affecting confidentiality.

Mitigation is addressed by upgrading to ImageMagick versions 7.1.2-0 or 6.9.13-26, which include the fixing commit at https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774. Official advisories provide further details, including the GitHub security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 and a Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html.

EU & UK References

Vulnerability details

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to…

more

generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote network-exploitable stack overflow in ImageMagick (public-facing image processing) directly enables T1190 for integrity/availability impact via crafted filename templates.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-26284Same product: Imagemagick Imagemagick
CVE-2026-23876Same product: Imagemagick Imagemagick
CVE-2025-55298Same product: Imagemagick Imagemagick
CVE-2026-25987Same product: Imagemagick Imagemagick
CVE-2026-25985Same product: Imagemagick Imagemagick
CVE-2026-25988Same product: Imagemagick Imagemagick
CVE-2026-24481Same product: Imagemagick Imagemagick
CVE-2026-25897Same product: Imagemagick Imagemagick
CVE-2026-25794Same product: Imagemagick Imagemagick
CVE-2026-25969Same product: Imagemagick Imagemagick

Affected Assets

imagemagick
imagemagick
≤ 6.9.13-26 · 7.0.0-0 — 7.1.2-0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates identification, reporting, and correction of flaws such as this ImageMagick stack overflow via timely patching to versions 7.1.2-0 or 6.9.13-26.

prevent

Implements memory protection mechanisms like stack canaries, ASLR, and DEP that directly mitigate exploitation of stack overflows triggered by malformed filename templates.

prevent

Requires validation of inputs like filename templates to block those with multiple consecutive %d specifiers before they reach the vulnerable magick mogrify command.

References