Vulnerability details: VCID-a94z-fw5x-sugj
Vulnerability ID VCID-a94z-fw5x-sugj
Aliases CVE-2025-53101
GHSA-qh3h-j545-h8c9
Summary ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (3)
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53101.json
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2025-53101
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2025-53101
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2025-53101
epss 0.00083 https://api.first.org/data/v1/epss?cve=CVE-2025-53101
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2025-53101
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-qh3h-j545-h8c9
cvssv3.1 7.4 https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0
generic_textual HIGH https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0
cvssv3.1 7.4 https://github.com/ImageMagick/ImageMagick
generic_textual HIGH https://github.com/ImageMagick/ImageMagick
cvssv3.1 7.4 https://github.com/ImageMagick/ImageMagick6/commit/643deeb60803488373cd4799b24d5786af90972e
generic_textual HIGH https://github.com/ImageMagick/ImageMagick6/commit/643deeb60803488373cd4799b24d5786af90972e
cvssv3.1 7.4 https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774
generic_textual HIGH https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774
ssvc Track https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774
cvssv3.1 7.4 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
cvssv3.1_qr HIGH https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
generic_textual HIGH https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
ssvc Track https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
cvssv3.1 7.4 https://nvd.nist.gov/vuln/detail/CVE-2025-53101
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2025-53101
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53101.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/ImageMagick/ImageMagick
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/ImageMagick/ImageMagick6/commit/643deeb60803488373cd4799b24d5786af90972e
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:27:44Z/ Found at https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:27:44Z/ Found at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-53101
Exploit Prediction Scoring System (EPSS)
Percentile 0.16279
EPSS Score 0.00052
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:22:07.848448+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/53xxx/CVE-2025-53101.json 37.0.0