CVE-2026-25987
Published: 24 February 2026
Summary
CVE-2026-25987 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in ImageMagick. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 28.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-25987 is a heap buffer over-read vulnerability (CWE-125) in the MAP image decoder of ImageMagick, a free and open-source software suite for editing and manipulating digital images. The flaw affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, where processing crafted MAP files during image decoding can trigger the issue. Published on 2026-02-24, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity primarily due to low-impact confidentiality exposure.
The vulnerability can be exploited by an unauthenticated attacker over the network with low complexity and no user interaction, by supplying a crafted MAP file to an affected ImageMagick instance (for example, a web service that converts or thumbnails user-uploaded images). The over-read can crash the decoding process or disclose heap memory contents, giving the attacker limited information leakage; the scored impact is confidentiality only, with no integrity modification. Note that the CVSS vector rates availability as None (A:N) even though the advisory text mentions crashes: in a service that decodes untrusted images, a decoder crash is still a practical impact worth planning for regardless of the score.
ImageMagick 7.1.2-15 and 6.9.13-40 contain the fix. Additional details are available in the project's security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7. Prioritize updating deployments that process untrusted images, particularly web services and upload pipelines. Where the MAP format is not needed, denying the MAP coder in ImageMagick's policy.xml (domain="coder", rights="none") keeps crafted MAP files from reaching the decoder at all and is a reasonable stopgap until the update is in place.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7418
Vulnerability details
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
- CWE: CWE-125 (Out-of-bounds Read)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 (Exploit Public-Facing Application)
Why these techniques?
Remote unauthenticated exploitation of the heap over-read in ImageMagick's MAP decoder (via crafted file supplied to a network service) directly enables initial access against public-facing applications that process untrusted images.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of the vendor patch that eliminates the heap over-read in the MAP decoder.
- SI-10 (Information Input Validation): mandates validation of image file inputs to reject malformed MAP structures before decoder processing occurs.
- Memory protection: requires memory-protection mechanisms that can block or contain the unauthorized heap reads exploited by crafted MAP files.
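The two controls above that an operator can act on immediately are verifying the installed build is at or past the fixed release (SI-2) and keeping crafted MAP input away from the decoder (SI-10). The following script is an added example written for this page, not code from the ImageMagick project or the advisory. It parses the banner printed by `magick -version` / `convert -version`, compares it against the fixed releases named in the advisory (7.1.2-15 and 6.9.13-40), and inspects a policy.xml to see whether a `domain="coder" rights="none"` entry covers the MAP coder. The banner strings and policy files embedded below are constructed samples; the handling of policy patterns (single coder name, a `{A,B}` brace list, or `*`) is an assumption covering the forms commonly seen in hardening guides, not a reimplementation of ImageMagick's glob matcher.

```python
"""Exposure checks for CVE-2026-25987 (added example, not ImageMagick project code).

1. SI-2: parse the -version banner and compare against the first fixed
   release on each branch (7.1.2-15 and 6.9.13-40, per the advisory).
2. SI-10: inspect policy.xml and report whether the MAP coder is denied,
   which keeps a crafted MAP file from ever reaching the vulnerable decoder.
"""
import re
import xml.etree.ElementTree as ET

# First release on each major branch that contains the fix (from the advisory).
FIXED_VERSIONS = {6: (6, 9, 13, 40), 7: (7, 1, 2, 15)}

# Matches the "Version: ImageMagick 7.1.2-14 Q16-HDRI ..." line printed by
# `magick -version` (7.x) and `convert -version` (6.x).
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, release) extracted from a -version banner."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no ImageMagick version string found in banner")
    return tuple(int(g) for g in m.groups())


def needs_patch(version):
    """True if the version predates the fixed release on its major branch.

    An unknown branch raises instead of silently reporting 'safe'.
    """
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        raise ValueError("no fix data for ImageMagick %d.x" % version[0])
    return version < fixed  # tuple comparison is lexicographic, left to right


def _pattern_names(pattern):
    """Expand a policy pattern into upper-cased coder names.

    Assumption: only the three forms seen in practice are handled, a single
    coder name, a brace list such as {MAP,TEXT}, and the catch-all '*'.
    """
    p = pattern.strip()
    if p.startswith("{") and p.endswith("}"):
        return [n.strip().upper() for n in p[1:-1].split(",")]
    return [p.upper()]


def map_coder_blocked(policy_xml):
    """True if some <policy domain="coder" rights="none"> entry covers MAP."""
    root = ET.fromstring(policy_xml)
    for pol in root.iter("policy"):
        if pol.get("domain", "").lower() != "coder":
            continue
        if pol.get("rights", "").strip().lower() != "none":
            continue
        if any(n in ("MAP", "*") for n in _pattern_names(pol.get("pattern", ""))):
            return True
    return False


def assess(banner, policy_xml):
    """Combine both checks into a single exposure verdict."""
    version = parse_version(banner)
    unpatched = needs_patch(version)
    blocked = map_coder_blocked(policy_xml)
    return {
        "version": "%d.%d.%d-%d" % version,
        "needs_patch": unpatched,
        "map_coder_blocked": blocked,
        # Exposed only when the decoder is both vulnerable and reachable.
        "exposed": unpatched and not blocked,
    }


# Constructed sample inputs (not captured from a real host).
SAMPLE_BANNER_OLD = "Version: ImageMagick 7.1.2-14 Q16-HDRI x86_64 https://imagemagick.org"
SAMPLE_BANNER_FIXED = "Version: ImageMagick 6.9.13-40 Q16 x86_64 https://imagemagick.org"

DEFAULT_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
</policymap>"""

HARDENED_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{MAP,MVG,MSL,TEXT}"/>
</policymap>"""

if __name__ == "__main__":
    for banner in (SAMPLE_BANNER_OLD, SAMPLE_BANNER_FIXED):
        for policy in (DEFAULT_POLICY, HARDENED_POLICY):
            print(assess(banner, policy))
```

On a real host, feed `assess()` the output of `magick -version` (or `convert -version` on 6.x) and the contents of the active policy.xml, which `magick -list policy` reports along with the path it was loaded from. Denying the coder is only a stopgap: it blocks reading and writing MAP files outright, so confirm no legitimate workflow depends on the format, and still apply the vendor update.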