Main Vulnerability Database Vulnerabilities #VU114418

Format string error in ImageMagick - CVE-2025-55298

Published: August 26, 2025

Vulnerability identifier: #VU114418

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-55298

CWE-ID: CWE-134

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ImageMagick.org

Affected software:
ImageMagick

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a format string error in the "InterpretImageFilename" function. A remote user can supply a specially crafted input that contains format string specifiers and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2025-55298

Install updates from vendor's website.

Sources

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645

Format string error in ImageMagick - CVE-2025-55298

Detailed vulnerability description

How to mitigate CVE-2025-55298

Sources

Please verify you're human