What is the CVSS score of CVE-2025-57807?

CVE-2025-57807 has a CVSS 3.1 base score of 3.8 (Low). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Imagemagick are affected by CVE-2025-57807?

CVE-2025-57807 is a low-severity vulnerability in ImageMagick (CVSS 3.8). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.. A patch is available.

Is there a public PoC exploit available for CVE-2025-57807?

Yes, a public proof-of-concept exploit is available for CVE-2025-57807. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-57807?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Imagemagick CVE-2025-57807

LOW

Heap-based Buffer Overflow (CWE-122)

2025-09-05 security-advisories@github.com

Buffer Overflow Heap Overflow Imagemagick

3.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:10 vuln.today

Patch released

Mar 28, 2026 - 19:10 nvd

Patch available

PoC Detected

Nov 03, 2025 - 19:16 vuln.today

Public exploit code

CVE Published

Sep 05, 2025 - 22:15 nvd

LOW 3.8

DescriptionNVD

ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.

AnalysisAI

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated low severity (CVSS 3.8). Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-122. ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2. Affected products include: Imagemagick. Version information: version 14.8.2..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-57807 vulnerability details – vuln.today

Back