CVE-2026-25965
HIGH
GHSA-8jvj-p28h-9gm7
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
3Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.
Analysis
ImageMagick before versions 7.1.2-15 and 6.9.13-40 allows local attackers to bypass path security policies and disclose sensitive files through path traversal sequences in filenames, as the policy enforcement occurs before filesystem resolution normalizes the paths. An attacker with local access can read restricted files like those in /etc/ even when policy-secure.xml is applied. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running ImageMagick and identify exposure scope, particularly web applications and automated image processing services. Within 7 days: Implement compensating controls (see below) and restrict ImageMagick access to trusted input only; disable path expansion features if feasible. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today