CVE-2025-53015
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-10-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | From 7.0.11-13 (inc) to 7.1.1-36 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ImageMagick versions up to 7.1.1-47 occurs during the writing of XMP profiles, specifically in a function that converts floating-point values to fractions. Due to a flaw in the loop logic, the function can enter an infinite loop when processing certain large values, causing the ImageMagick process to hang indefinitely. This results in a denial of service as the process becomes unresponsive. The issue can be triggered remotely without any privileges or user interaction. [1]
How can this vulnerability impact me? :
The vulnerability can cause a denial of service by making the ImageMagick process hang indefinitely during image writing operations. This leads to high availability loss of the affected service or application using ImageMagick. There are no impacts on confidentiality or integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for ImageMagick processes that hang or consume excessive CPU during image writing operations involving XMP profiles. Specifically, look for processes stuck in the function SyncXmpProfile or WriteImage. Since the vulnerability can be triggered remotely without privileges, network monitoring for unusual or repeated image processing requests may help. There are no specific commands provided in the resources, but you can use system tools like 'ps' or 'top' to identify hung ImageMagick processes, and network tools like 'tcpdump' or 'wireshark' to monitor suspicious traffic targeting ImageMagick services. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade ImageMagick to version 7.1.2-0 or later, where this vulnerability is fixed. Until the upgrade can be applied, consider restricting network access to ImageMagick services to trusted users only, and monitor for and terminate any hung ImageMagick processes to maintain availability. [1]