CVE-2026-25897
Published: 24 February 2026
Summary
CVE-2026-25897 is a medium-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 21.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-25897 is an integer overflow vulnerability in the Sun decoder of ImageMagick, a free and open-source software suite for editing and manipulating digital images. The flaw affects versions prior to 7.1.2-15 and 6.9.13-40, specifically on 32-bit systems or builds, where processing a carefully crafted image triggers the overflow, resulting in an out-of-bounds heap write. It is rated with a CVSS v3.1 base score of 6.5 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H) and is associated with CWE-122 (Heap-based Buffer Overflow) and CWE-190 (Integer Overflow or Wraparound). The vulnerability was published on 2026-02-24.
A remote, unauthenticated attacker can exploit this vulnerability by supplying a maliciously crafted image file to an ImageMagick instance using the Sun decoder on vulnerable 32-bit systems. Exploitation requires high attack complexity but no user interaction or privileges. Successful exploitation leads to a denial of service through high-impact availability disruption via heap corruption, with low confidentiality impact possible.
The ImageMagick GitHub security advisory (GHSA-6j5f-24fw-pqp4) confirms that versions 7.1.2-15 and 6.9.13-40 include patches to address the integer overflow. Security practitioners should upgrade affected ImageMagick installations, particularly those running 32-bit builds that process untrusted images, and consider disabling the Sun decoder if not required.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7440
Vulnerability details
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out…
more
of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote exploitation of the integer overflow in ImageMagick's Sun decoder (via crafted image) directly enables T1190 when the library is used by public-facing applications and T1499.004 for the resulting application DoS via heap corruption.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of the vendor patch that eliminates the integer overflow in the Sun decoder.
Requires disabling the Sun decoder (or restricting ImageMagick to least functionality) when the feature is not needed, eliminating the attack surface on 32-bit builds.
Mandates scanning to discover unpatched ImageMagick instances that remain vulnerable to crafted Sun-format images.