Main Vulnerability Database Vulnerabilities #VU123254

#VU123254 Code Injection in ImageMagick - CVE-2026-25797

Published: February 25, 2026 / Updated: February 25, 2026

Vulnerability identifier: #VU123254

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2026-25797

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ImageMagick

Software vendor:
ImageMagick.org

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the ps encoders. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v

#VU123254 Code Injection in ImageMagick - CVE-2026-25797

Description

Remediation

External links

Please verify you're human