Cyber Posture

CVE-2026-25987

Severity: Medium

Published: 24 February 2026
Modified: 25 February 2026
KEV Added: not listed
Patch: available (versions 7.1.2-15 and 6.9.13-40)
CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0002 (3.8th percentile)
Risk Priority: 11 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-25987 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in ImageMagick (vendor: ImageMagick). Its CVSS v3.1 base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 3.8th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote, unauthenticated exploitation of the heap over-read in ImageMagick's MAP decoder (a crafted file supplied to a network service that decodes it) directly enables initial access against public-facing applications that process untrusted images.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Deeper analysis (AI-generated)

CVE-2026-25987 is a heap buffer over-read vulnerability (CWE-125) in the MAP image decoder of ImageMagick, a free and open-source software suite for editing and manipulating digital images. The flaw affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, where processing crafted MAP files during image decoding can trigger the issue. Published on 2026-02-24, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity primarily due to low-impact confidentiality exposure.

The vulnerability can be exploited by unauthenticated attackers over the network with low complexity and no user interaction, by supplying a maliciously crafted MAP file to an affected ImageMagick instance. Exploitation can crash the decoding process or disclose heap memory contents; the CVSS vector records only a low confidentiality impact, with no integrity or availability impact scored (I:N/A:N).

ImageMagick versions 7.1.2-15 and 6.9.13-40 address the vulnerability with a patch. Additional details are available in the project's security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7. Security practitioners should prioritize updating vulnerable deployments, particularly in web services or applications that process untrusted images via ImageMagick.

Details

CWE(s)

CWE-125 Out-of-bounds Read

Affected Products

Vendor: imagemagick
Product: imagemagick
Versions: ≤ 6.9.13-40; 7.0.0-0 to 7.1.2-15

CVEs Like This One

CVE-2026-24481 (same product: ImageMagick)
CVE-2026-25898 (same product: ImageMagick)
CVE-2026-26284 (same product: ImageMagick)
CVE-2026-33905 (same product: ImageMagick)
CVE-2025-55298 (same product: ImageMagick)
CVE-2025-53101 (same product: ImageMagick)
CVE-2026-23876 (same product: ImageMagick)
CVE-2026-28693 (same product: ImageMagick)
CVE-2026-25967 (same product: ImageMagick)
CVE-2026-25968 (same product: ImageMagick)

References