CVE-2025-53101
published 2025-07-14


Priority: P259 · Severity: critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.79% (51.7th percentile)
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Affected

15 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | imagemagick | < imagemagick 8:6.9.11.60+dfsg-1.6+deb12u4 (bookworm) | imagemagick 8:6.9.11.60+dfsg-1.6+deb12u4 (bookworm) |
| imagemagick | imagemagick | < 7.1.2-0 | 7.1.2-0 |
| imagemagick | imagemagick | < 6.9.13-26 | 6.9.13-26 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3+deb11u6 | 8:6.9.11.60+dfsg-1.3+deb11u6 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.6+deb12u4 | 8:6.9.11.60+dfsg-1.6+deb12u4 |
| imagemagick | imagemagick | >= 0 < 8:7.1.1.43+dfsg1-1+deb13u1 | 8:7.1.1.43+dfsg1-1+deb13u1 |
| imagemagick | imagemagick | >= 0 < 8:7.1.1.47+dfsg1-2 | 8:7.1.1.47+dfsg1-2 |
| imagemagick | imagemagick | >= 0 < 8:6.7.7.10-6ubuntu3.13+esm13 | 8:6.7.7.10-6ubuntu3.13+esm13 |
| imagemagick | imagemagick | >= 0 < 8:6.8.9.9-7ubuntu5.16+esm12 | 8:6.8.9.9-7ubuntu5.16+esm12 |
| imagemagick | imagemagick | >= 0 < 8:6.9.7.4+dfsg-16ubuntu6.15+esm4 | 8:6.9.7.4+dfsg-16ubuntu6.15+esm4 |
| imagemagick | imagemagick | >= 0 < 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm2 | 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm2 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm2 | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm2 |
| imagemagick | imagemagick | >= 0 < 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm1 | 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm1 |
| imagemagick | imagemagick | >= 7.0.0-0 < 7.1.2-0 | 7.1.2-0 |
| msrc | azl3_kernel_6.6.57.1-7_on_azure_linux_3.0 | | |

Detection & IOCs (extracted from sources)

  • Trigger condition: multiple consecutive `%d` format specifiers in a filename template passed to the `magick mogrify` command cause a stack buffer overflow via `vsnprintf()`
  • Monitor invocations of `magick mogrify` (or the legacy `mogrify` binary) with filename arguments containing repeated `%d` sequences (e.g., `%d%d%d...`), which is the attack vector for this vulnerability
  • Impact includes a crash (DoS) or possible arbitrary code execution; treat any unexpected ImageMagick crash involving mogrify filename templates as potentially exploited
  • The vulnerability is exploitable only in versions prior to 7.1.2-0 (ImageMagick 7 branch) and 6.9.13-26 (ImageMagick 6 branch); patched versions are not affected
  • Scope is local per the Debian security tracker; exploitation requires the ability to supply a crafted filename template to the mogrify command
  • No mitigation is available from Red Hat for affected RHEL versions; patching to a fixed version is the only remediation
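Added example, not code from the advisory or from the ImageMagick project: a small Python triage helper that applies the two checks listed above, comparing an upstream ImageMagick version against the fix versions 7.1.2-0 / 6.9.13-26 and flagging mogrify command lines whose filename template carries consecutive `%d` specifiers. The tab-separated "version<TAB>command line" record format and the sample records are constructed here; distribution version strings such as `8:6.9.11.60+dfsg-...` are deliberately not parsed.

```python
import re
import shlex

# Fix versions stated in the advisory, keyed by major branch.
FIXED = {7: (7, 1, 2, 0), 6: (6, 9, 13, 26)}
# Upstream version shape only (major.minor.micro-patch), e.g. 7.1.1-47.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")
# Two or more consecutive %d specifiers in one argument.
_REPEATED_D = re.compile(r"(?:%d){2,}")


def parse_version(text):
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported ImageMagick version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(text):
    """True when the upstream version is below the fix for its branch (6.x or 7.x)."""
    v = parse_version(text)
    fixed = FIXED.get(v[0])
    return fixed is not None and v < fixed


def mogrify_template_args(cmdline):
    """Arguments of a mogrify invocation that contain consecutive %d specifiers."""
    argv = shlex.split(cmdline)
    if not argv:
        return []
    # Accept both the IMv7 subcommand form and the legacy standalone binary.
    if argv[0].endswith("magick") and len(argv) > 1 and argv[1] == "mogrify":
        args = argv[2:]
    elif argv[0].endswith("mogrify"):
        args = argv[1:]
    else:
        return []
    return [a for a in args if _REPEATED_D.search(a)]


def triage(record):
    """Classify one constructed 'version<TAB>command line' record."""
    version, _, cmdline = record.partition("\t")
    if not mogrify_template_args(cmdline):
        return "ok"
    return "exploitable" if is_vulnerable_version(version) else "suspicious"


# Constructed sample records (hypothetical hosts), not real telemetry.
SAMPLE_RECORDS = [
    "7.1.1-47\tmagick mogrify -format png '%d%d%d.png' upload.jpg",
    "7.1.2-0\t/usr/bin/mogrify -resize 50% '%d%d.png' upload.jpg",
    "6.9.13-25\tmogrify -resize 50% thumb_%d.png",
]
```

Running `[triage(r) for r in SAMPLE_RECORDS]` yields `['exploitable', 'suspicious', 'ok']`; a single `%d` is the normal numbered-output template and is not flagged.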

CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 7.4 | HIGH | |
| vendor_redhat | | 7.4 | HIGH | |
| vendor_msrc | | 5.5 | MEDIUM | |
| vendor_ubuntu | | 3.7 | LOW | |