QwikSec

Security Database

CVE

CWE

Training

CVE-2025-55298

Published: Aug 26, 2025

Modified: Nov 3, 2025

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

Vendor	Product	Versions
ImageMagick	ImageMagick	affected `< 7.1.2-2` affected `< 6.9.13-28`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645

x_refsource_CONFIRM

https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5

x_refsource_MISC

https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.