Cyber Resilience

CVE-2026-25971

Medium

Published: 24 February 2026

Published
24 February 2026
Modified
25 February 2026
KEV Added
Patch
CVSS Score v3.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0021 10.8th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-25971 is a medium-severity Uncontrolled Recursion (CWE-674) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 6.2 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 10.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-25971 affects ImageMagick, a free and open-source software suite for editing and manipulating digital images. The vulnerability arises in the Magick component, where prior to versions 7.1.2-15 and 6.9.13-40, the software fails to check for circular references between two MSL (Magick Scripting Language) files. This flaw triggers a stack overflow, classified under CWE-674 (Uncontrolled Recursion) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A local attacker can exploit this vulnerability with low complexity and no privileges or user interaction required. By providing specially crafted MSL files with circular references, the attacker induces a stack overflow in ImageMagick, resulting in high-impact availability disruption, such as process crashes or denial of service.

The official GitHub security advisory (GHSA-8mpr-6xr2-chhc) confirms that ImageMagick versions 7.1.2-15 and 6.9.13-40 include patches to address the circular reference check failure. Security practitioners should update to these fixed versions to mitigate the issue.

EU & UK References

Vulnerability details

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a…

more

patch.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The CVE describes a local stack overflow (via uncontrolled recursion in MSL parsing) that directly causes ImageMagick process crashes, enabling Endpoint DoS through application exploitation (T1499.004). No other techniques are supported by the described impact or attack vector.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33908Same product: Imagemagick Imagemagick
CVE-2026-28691Same product: Imagemagick Imagemagick
CVE-2026-25799Same product: Imagemagick Imagemagick
CVE-2026-25989Same product: Imagemagick Imagemagick
CVE-2026-25796Same product: Imagemagick Imagemagick
CVE-2026-30883Same product: Imagemagick Imagemagick
CVE-2026-22770Same product: Imagemagick Imagemagick
CVE-2026-32636Same product: Imagemagick Imagemagick
CVE-2026-25795Same product: Imagemagick Imagemagick
CVE-2026-26283Same product: Imagemagick Imagemagick

Affected Assets

imagemagick
imagemagick
≤ 6.9.13-40 · 7.0.0-0 — 7.1.2-15

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the vendor patches (7.1.2-15 / 6.9.13-40) that add the missing circular-reference checks in MSL processing.

prevent

Mandates validation of all input (here, MSL files) to reject malformed constructs such as circular references before they reach the parser.

prevent

Requires memory-protection mechanisms that can contain or terminate uncontrolled recursion and resulting stack overflows before full denial of service occurs.

References