CVE-2026-25971
Published: 24 February 2026
Summary
CVE-2026-25971 is a medium-severity Uncontrolled Recursion (CWE-674) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 6.2 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Supports resumption at alternate site when uncontrolled recursion causes primary site failure or crash.
Prevents uncontrolled recursion that exhausts stack or CPU resources.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a local stack overflow (via uncontrolled recursion in MSL parsing) that directly causes ImageMagick process crashes, enabling Endpoint DoS through application exploitation (T1499.004). No other techniques are supported by the described impact or attack vector.
NVD Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a…
more
patch.
Deeper analysisAI
CVE-2026-25971 affects ImageMagick, a free and open-source software suite for editing and manipulating digital images. The vulnerability arises in the Magick component, where prior to versions 7.1.2-15 and 6.9.13-40, the software fails to check for circular references between two MSL (Magick Scripting Language) files. This flaw triggers a stack overflow, classified under CWE-674 (Uncontrolled Recursion) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A local attacker can exploit this vulnerability with low complexity and no privileges or user interaction required. By providing specially crafted MSL files with circular references, the attacker induces a stack overflow in ImageMagick, resulting in high-impact availability disruption, such as process crashes or denial of service.
The official GitHub security advisory (GHSA-8mpr-6xr2-chhc) confirms that ImageMagick versions 7.1.2-15 and 6.9.13-40 include patches to address the circular reference check failure. Security practitioners should update to these fixed versions to mitigate the issue.
Details
- CWE(s)