Cyber Resilience

CVE-2025-66293

HighPublic PoC

Published: 03 December 2025

Published
03 December 2025
Modified
16 December 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
EPSS Score 0.0014 33.5th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-66293 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Libpng Libpng. Its CVSS base score is 7.1 (High).

Operationally, ranked at the 33.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the…

more

png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

libpng
libpng
≤ 1.6.52

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References