CVE-2026-25988

Medium

Published: 24 February 2026

Published

24 February 2026

Modified

25 February 2026

KEV Added

—

Patch

—

CVSS Score 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score 0.0003 7.3th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25988 is a medium-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 7.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Memory leak in network-reachable ImageMagick (MSL parser) directly enables remote exploitation of public-facing applications for resource-exhaustion DoS; maps to T1190 for the attack vector and T1499.004 for deliberate application exploitation causing service denial.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on…

error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Deeper analysisAI

CVE-2026-25988 is a memory leak vulnerability in ImageMagick, a free and open-source software suite for editing and manipulating digital images. The flaw occurs in the msl.c component, where the stack index fails to update properly, resulting in images being stored in the wrong slot and not freed during error conditions. This affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40.

The vulnerability carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating it can be exploited over the network with low complexity by unauthenticated attackers without requiring user interaction. Exploitation triggers repeated memory leaks, enabling a denial-of-service condition through resource exhaustion, though it has no impact on confidentiality or integrity.

The official ImageMagick security advisory (GHSA-782x-jh29-9mf7) confirms that versions 7.1.2-15 and 6.9.13-40 include a patch to address the stack index update failure. Affected systems should be upgraded to these patched releases, and the issue is tracked under CWE-401 (Memory Leak).

Details

CWE(s): CWE-401

Affected Products

imagemagick

≤ 6.9.13-40 · 7.0.0-0 — 7.1.2-15

CVEs Like This One

CVE-2026-25969Same product: Imagemagick Imagemagick

CVE-2026-25796Same product: Imagemagick Imagemagick

CVE-2026-25985Same product: Imagemagick Imagemagick

CVE-2026-32636Same product: Imagemagick Imagemagick

CVE-2026-28693Same product: Imagemagick Imagemagick

CVE-2026-33901Same product: Imagemagick Imagemagick

CVE-2026-25983Same product: Imagemagick Imagemagick

CVE-2026-25897Same product: Imagemagick Imagemagick

CVE-2026-25798Same product: Imagemagick Imagemagick

CVE-2026-25986Same product: Imagemagick Imagemagick

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7
Third Party Advisory · security-advisories@github.com