What is the CVSS score of CVE-2026-25965?

CVE-2026-25965 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Imagemagick are affected by CVE-2026-25965?

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a path traversal vulnerability that allows attackers to bypass security policies and access unauthorized files on systems running affected…. A patch is available.

Imagemagick CVE-2026-25965

HIGH

Path Traversal (CWE-22)

2026-02-24 security-advisories@github.com

GHSA-8jvj-p28h-9gm7

Path Traversal Red Hat Imagemagick Suse

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 24, 2026 - 02:16 nvd

HIGH 8.6

DescriptionNVD

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.

AnalysisAI

ImageMagick before versions 7.1.2-15 and 6.9.13-40 allows local attackers to bypass path security policies and disclose sensitive files through path traversal sequences in filenames, as the policy enforcement occurs before filesystem resolution normalizes the paths. An attacker with local access can read restricted files like those in /etc/ even when policy-secure.xml is applied. …

RemediationAI

Within 24 hours: Inventory all systems running ImageMagick and identify exposure scope, particularly web applications and automated image processing services. Within 7 days: Implement compensating controls (see below) and restrict ImageMagick access to trusted input only; disable path expansion features if feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory