CVE-2026-25969
Published: 24 February 2026
Summary
CVE-2026-25969 is a medium-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in ImageMagick (vendor: ImageMagick). Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2026-25969 is a memory leak vulnerability (CWE-401) in ImageMagick, a free and open-source software suite for editing and manipulating digital images. The issue resides in the `coders/ashlar.c` file, where the `WriteASHLARImage` function allocates a structure but fails to release the memory when an exception is thrown. This affects all versions of ImageMagick prior to 7.1.2-15.
The vulnerability has a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating it is exploitable over the network with low attack complexity, no privileges or user interaction required. Unauthenticated remote attackers can trigger the memory leak by processing a specially crafted image in the ASHLAR format, potentially leading to gradual resource exhaustion and denial-of-service conditions on affected systems.
The official GitHub security advisory (GHSA-xgm3-v4r9-wfgm) confirms the issue and states that ImageMagick version 7.1.2-15 addresses it with a patch that ensures proper memory release upon exceptions. Security practitioners should update to this version or later to mitigate the risk.
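To make the failure mode concrete, the following is an added illustration of the CWE-401 pattern the advisory describes, written here for this page and not taken from ImageMagick's `coders/ashlar.c`. The `LayoutInfo` structure, the `emit_tiles` step that stands in for the exception, and the counting allocator are all constructed assumptions; the point is the shape of the two exit paths: the leaky writer returns on the exception path with its allocations still live, while the fixed writer funnels every exit through one cleanup point, which is the class of fix the 7.1.2-15 patch applies.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of CWE-401, not ImageMagick's code. A tiny
   tracked allocator counts outstanding blocks so a leak can be measured. */
static int live_blocks = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL) live_blocks++;
    return p;
}

static void tracked_free(void *p) {
    if (p != NULL) { free(p); live_blocks--; }
}

int outstanding_blocks(void) { return live_blocks; }

/* Hypothetical per-image state; stands in for the structure the advisory
   says WriteASHLARImage allocates. */
typedef struct { unsigned char *tiles; size_t count; } LayoutInfo;

/* Stand-in for the exception condition: the caller decides whether the
   "write" step raises. Returns 0 on success, -1 on exception. */
static int emit_tiles(const LayoutInfo *info, int raise_exception) {
    (void)info;
    return raise_exception ? -1 : 0;
}

/* Leaky pattern: allocate, then return on the exception path without
   releasing what was allocated. */
int write_image_leaky(size_t tile_count, int raise_exception) {
    LayoutInfo *info = tracked_malloc(sizeof(*info));
    if (info == NULL) return -1;
    info->count = tile_count;
    info->tiles = tracked_malloc(tile_count);
    if (info->tiles == NULL) return -1;         /* also leaks info */
    memset(info->tiles, 0, tile_count);
    if (emit_tiles(info, raise_exception) != 0)
        return -1;                               /* leak: info and tiles never freed */
    tracked_free(info->tiles);
    tracked_free(info);
    return 0;
}

/* Fixed pattern: every exit path runs through one cleanup point. */
int write_image_fixed(size_t tile_count, int raise_exception) {
    int status = -1;
    LayoutInfo *info = tracked_malloc(sizeof(*info));
    if (info == NULL) return -1;
    info->count = tile_count;
    info->tiles = tracked_malloc(tile_count);
    if (info->tiles == NULL) goto cleanup;
    memset(info->tiles, 0, tile_count);
    if (emit_tiles(info, raise_exception) != 0) goto cleanup;
    status = 0;
cleanup:
    tracked_free(info->tiles);   /* tracked_free tolerates NULL */
    tracked_free(info);
    return status;
}

/* Drive N writes that all hit the exception path and report how many
   blocks remain live afterwards, i.e. how exhaustion accumulates when
   the leak is triggered repeatedly. */
int leaked_after(int (*writer)(size_t, int), int iterations) {
    int before = live_blocks;
    for (int i = 0; i < iterations; i++) (void)writer(16, 1);
    return live_blocks - before;
}
```

Running the two writers through `leaked_after` shows why a single-request leak of a few bytes still matters operationally: the leaky version grows by two blocks per failed write and never gives them back, which is the gradual resource exhaustion the advisory warns about, while the fixed version returns to its starting footprint after every call.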
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7431
Vulnerability details
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` function allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch.
- CWE(s): CWE-401 (Missing Release of Memory after Effective Lifetime)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote memory leak in ImageMagick enables exploitation of public-facing apps (T1190) to trigger application exhaustion/DoS via crafted input (T1499.004).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely installation of the vendor patch (7.1.2-15) that eliminates the memory leak in `WriteASHLARImage`.
- Continuous monitoring of memory and resource consumption, to identify gradual exhaustion caused by repeated triggering of the ASHLAR coder leak.
- CM-6 (Configuration Settings): allows enforcement of approved software versions and configuration settings that prohibit use of vulnerable ImageMagick releases.