CVE-2025-55004NVD

Vulnerability Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.

Severity Level

HIGH(7.6)

Published Date

Aug 13, 2025

Last Modified

Aug 15, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-122: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityHigh

IntegrityLow

AvailabilityLow

External References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
https://goo.gle/bigsleep
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-55004NVD

Vulnerability Summary

External References