{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10925", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2025-09-24T15:54:26.088Z", "datePublished": "2025-10-29T19:29:54.680Z", "dateUpdated": "2025-10-29T19:29:54.680Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-10-29T19:29:54.680Z"}, "title": "GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ILBM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27793."}], "affected": [{"vendor": "GIMP", "product": "GIMP", "versions": [{"version": "3.0.4", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-914/", "name": "ZDI-25-914", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2450", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2025-09-24T15:54:26.137Z", "datePublic": "2025-09-24T18:19:50.189Z", "source": {"lang": "en", "value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ILBM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27793."}], "id": "CVE-2025-10925", "lastModified": "2025-10-29T20:15:35.300", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2025-10-29T20:15:35.300", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2450"}, {"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-914/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{"bugzilla": {"description": "gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability", "id": "2407199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407199"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["A stack-based buffer overflow vulnerability exists in the ILBM file parsing functionality of GIMP. When processing a specially crafted ILBM image file, improper validation of user-supplied data length before copying to a stack buffer can lead to memory corruption. Successful exploitation allows an attacker to execute arbitrary code in the context of the current process. User interaction is required, as the victim must open a malicious ILBM file."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-10925", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gimp:2.8/gimp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-29T19:29:54Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-10925\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-10925\nhttps://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2450\nhttps://www.zerodayinitiative.com/advisories/ZDI-25-914/"], "statement": "The vulnerability is classified as Important rather than Critical because it requires user interaction \u2014 exploitation cannot occur automatically. The attacker must convince a user to open a crafted file within GIMP, limiting the attack surface. Furthermore, the attack operates within the context of the current process, meaning system-level privileges are not directly obtained. However, due to the nature of stack-based buffer overflows, the issue is technically significant as it enables reliable code execution and full compromise of user data, making patching crucial.", "threat_severity": "Important"}

{}