Cyber Resilience

CVE-2025-70968

CriticalPublic PoC

Published: 14 January 2026

Published
14 January 2026
Modified
23 January 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0045 35.9th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-70968 is a critical-severity Use After Free (CWE-416) vulnerability in Freeimage Project Freeimage. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-70968 is a Use After Free vulnerability (CWE-416) affecting FreeImage version 3.18.0, located in the PluginTARGA.cpp file within the loadRLE() function. Published on 2026-01-14, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

A remote network attacker requires no privileges or user interaction to exploit this flaw. Successful exploitation can result in high confidentiality, integrity, and availability impacts, enabling outcomes such as arbitrary code execution, data corruption, or denial of service on affected systems processing Targa images via FreeImage.

A reference implementation demonstrating the issue is available at https://github.com/MiracleWolf/FreeimageCrash/tree/main, which focuses on crash reproduction for the vulnerability. No specific patches or mitigation guidance from advisories is detailed in available information.

EU & UK References

Vulnerability details

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

UAF in image library enables unauthenticated remote code execution when processing crafted Targa files over network (AV:N, UI:N), directly mapping to exploitation of public-facing applications that ingest images.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-45185Shared CWE-416
CVE-2026-41401Shared CWE-416
CVE-2026-3593Shared CWE-416
CVE-2024-45434Shared CWE-416
CVE-2026-6722Shared CWE-416
CVE-2026-31972Shared CWE-416
CVE-2024-46981Shared CWE-416
CVE-2026-22857Shared CWE-416
CVE-2025-36854Shared CWE-416
CVE-2026-0794Shared CWE-416

Affected Assets

freeimage project
freeimage
3.18.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the Use After Free vulnerability in FreeImage by identifying, reporting, and patching the specific flaw in PluginTARGA.cpp loadRLE().

prevent

Memory protection safeguards prevent unauthorized code execution from Use After Free flaws like this one in image processing by employing techniques such as ASLR and DEP.

detect

Vulnerability scanning detects the presence of vulnerable FreeImage 3.18.0 versions, enabling proactive remediation before exploitation.

References