CVE-2025-55298
Published: 26 August 2025
Summary
CVE-2025-55298 is a high-severity Write-what-where Condition (CWE-123) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely identification, reporting, and remediation of software flaws like the format string vulnerability in ImageMagick via patching to fixed versions.
Implements memory protections such as address space layout randomization and non-executable memory to mitigate heap overflows and arbitrary memory corruption from the format string bug.
Requires validation and sanitization of user inputs prior to processing by ImageMagick's InterpretImageFilename to block malicious format strings.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Format string vuln in ImageMagick enables direct RCE via crafted network input to public image-processing services.
NVD Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization.…
more
An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
Deeper analysisAI
CVE-2025-55298 is a format string vulnerability (CWE-134 and CWE-123) in ImageMagick, a free and open-source software suite for editing and manipulating digital images. The issue resides in the InterpretImageFilename function, where user input is passed directly to FormatLocaleString without proper sanitization in versions prior to 6.9.13-28 and 7.1.2-2. This flaw enables attackers to overwrite arbitrary memory regions, potentially leading to heap overflows and other severe memory corruption.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating exploitation over the network with high attack complexity and low privileges required. An attacker with network access and low-privilege credentials, such as in an image-processing service, can submit crafted input to trigger the format string bug, achieving high impacts on confidentiality, integrity, and availability, including potential remote code execution.
ImageMagick has patched the vulnerability in versions 6.9.13-28 and 7.1.2-2, as detailed in the GitHub security advisory GHSA-9ccg-6pjw-x645 and the fixing commit 439b362b93c074eea6c3f834d84982b43ef057d5. Mitigation guidance from advisories recommends immediate upgrades; derivative projects like Magick.NET have released version 14.8.1, and Debian LTS has issued corresponding updates as noted in their announcement.
Details
- CWE(s)