CVE-2025-53101
Published: 14 July 2025
Summary
CVE-2025-53101 is a high-severity Buffer Underflow (CWE-124) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote network-exploitable stack overflow in ImageMagick (public-facing image processing) directly enables T1190 for integrity/availability impact via crafted filename templates.
NVD Description
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to…
more
generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
Deeper analysisAI
CVE-2025-53101 is a stack overflow vulnerability (CWE-124) in ImageMagick, a free and open-source software suite for editing and manipulating digital images. It affects versions prior to 7.1.2-0 and 6.9.13-26, specifically in the `magick mogrify` command. The flaw occurs when multiple consecutive `%d` format specifiers are provided in a filename template, causing internal pointer arithmetic to generate an address below the beginning of the stack buffer and triggering a stack overflow via `vsnprintf()`.
The vulnerability carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating it can be exploited remotely over the network by unauthenticated attackers with no privileges required and no user interaction needed, though it demands high attack complexity. Exploitation allows attackers to severely impact system integrity and availability, such as through denial of service or corruption of image processing operations, without affecting confidentiality.
Mitigation is addressed by upgrading to ImageMagick versions 7.1.2-0 or 6.9.13-26, which include the fixing commit at https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774. Official advisories provide further details, including the GitHub security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 and a Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html.
Details
- CWE(s)