Cyber Resilience

CVE-2026-25968

HighUpdated

Published: 24 February 2026

Published
24 February 2026
Modified
23 June 2026
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0027 18.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-25968 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-25968 is a stack buffer overflow vulnerability in ImageMagick, a free and open-source software suite for editing and manipulating digital images. The issue affects versions prior to 7.1.2-15 and 6.9.13-40, specifically in the msl.c component during processing of an attribute. A long value overflows a fixed-size stack buffer, resulting in memory corruption. The vulnerability is associated with CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write) and carries a CVSS v3.1 base score of 7.4.

An unauthenticated attacker can exploit this vulnerability over the network without user interaction and with no privileges required, though it demands high attack complexity. Successful exploitation leads to high impacts on confidentiality and availability through memory corruption, potentially enabling information disclosure or denial-of-service conditions, while integrity impact remains none and scope is unchanged.

The ImageMagick GitHub security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph details the patch, which is included in versions 7.1.2-15 and 6.9.13-40. Security practitioners should update to these fixed versions to mitigate the risk.

EU & UK References

Vulnerability details

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading…

more

to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote network-exploitable stack buffer overflow in ImageMagick (often integrated into public-facing services) directly maps to T1190; memory corruption enabling DoS conditions maps to T1499.004 Application or System Exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-25967Same product: Imagemagick Imagemagick
CVE-2026-32636Same product: Imagemagick Imagemagick
CVE-2026-25986Same product: Imagemagick Imagemagick
CVE-2026-33901Same product: Imagemagick Imagemagick
CVE-2026-28693Same product: Imagemagick Imagemagick
CVE-2026-25983Same product: Imagemagick Imagemagick
CVE-2026-25970Same product: Imagemagick Imagemagick
CVE-2026-25897Same product: Imagemagick Imagemagick
CVE-2026-25969Same product: Imagemagick Imagemagick
CVE-2026-25798Same product: Imagemagick Imagemagick

Affected Assets

imagemagick
imagemagick
≤ 6.9.13-40 · 7.0.0-0 — 7.1.2-15

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the security patches in ImageMagick 7.1.2-15 / 6.9.13-40 that eliminate the stack buffer overflow in msl.c.

prevent

Enforces configuration settings that restrict ImageMagick to approved, patched versions, blocking use of vulnerable binaries.

detect

Requires vulnerability scanning that would identify systems running the affected ImageMagick versions prior to exploitation.

References