Cyber Posture

CVE-2025-70968

CriticalPublic PoC

Published: 14 January 2026

Published
14 January 2026
Modified
23 January 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 28.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70968 is a critical-severity Use After Free (CWE-416) vulnerability in Freeimage Project Freeimage. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Flaw remediation directly addresses the Use After Free vulnerability in FreeImage by identifying, reporting, and patching the specific flaw in PluginTARGA.cpp loadRLE().

SI-16 Memory Protection good match
prevent

Memory protection safeguards prevent unauthorized code execution from Use After Free flaws like this one in image processing by employing techniques such as ASLR and DEP.

RA-5 Vulnerability Monitoring and Scanning partial match
detect

Vulnerability scanning detects the presence of vulnerable FreeImage 3.18.0 versions, enabling proactive remediation before exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

UAF in image library enables unauthenticated remote code execution when processing crafted Targa files over network (AV:N, UI:N), directly mapping to exploitation of public-facing applications that ingest images.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().

Deeper analysisAI

CVE-2025-70968 is a Use After Free vulnerability (CWE-416) affecting FreeImage version 3.18.0, located in the PluginTARGA.cpp file within the loadRLE() function. Published on 2026-01-14, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

A remote network attacker requires no privileges or user interaction to exploit this flaw. Successful exploitation can result in high confidentiality, integrity, and availability impacts, enabling outcomes such as arbitrary code execution, data corruption, or denial of service on affected systems processing Targa images via FreeImage.

A reference implementation demonstrating the issue is available at https://github.com/MiracleWolf/FreeimageCrash/tree/main, which focuses on crash reproduction for the vulnerability. No specific patches or mitigation guidance from advisories is detailed in available information.

Details

CWE(s)
CWE-416

Affected Products

freeimage project
freeimage
3.18.0

CVEs Like This One

CVE-2026-22857Shared CWE-416
CVE-2025-47917Shared CWE-416
CVE-2024-45434Shared CWE-416
CVE-2024-46981Shared CWE-416
CVE-2026-23427Shared CWE-416
CVE-2026-32942Shared CWE-416
CVE-2026-6722Shared CWE-416
CVE-2026-31972Shared CWE-416
CVE-2026-31718Shared CWE-416
CVE-2025-36854Shared CWE-416

References