CVE-2025-10924

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious FF files in GIMP. An integer overflow during file parsing leads to a buffer overflow that enables remote code execution. All GIMP users who open untrusted FF files are affected.

💻 Affected Systems

Products:
  • GIMP (GNU Image Manipulation Program)
Versions: Versions prior to the fix in merge request 2448
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations that can open FF files are vulnerable. FF file format support is built into GIMP.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the GIMP user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or malware installation on the user's system when opening a malicious FF file from email or downloads.

🟢 If Mitigated

Limited impact if user runs GIMP with minimal privileges and doesn't open untrusted files.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but common attack vectors like email attachments or downloads exist.
🏢 Internal Only: LOW - Primarily affects individual workstations rather than servers, though could be used in targeted attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious file. Exploit development requires understanding of FF file format and GIMP's parsing logic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version containing the fix from merge request 2448

Vendor Advisory: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448

Restart Required: No

Instructions:

1. Update GIMP to the latest version from official repositories.
2. On Linux: use the package manager (apt, yum, dnf).
3. On Windows/macOS: download from gimp.org.
4. Verify the update applied.

🔧 Temporary Workarounds

Disable FF file support (Linux)

Remove or rename the FF file plug-in to prevent parsing. The plug-in path varies by distribution and GIMP version, so confirm where the file-ff plug-in is installed before renaming it; this disables all FF file loading until it is restored.

mv /usr/lib/gimp/2.0/plug-ins/file-ff /usr/lib/gimp/2.0/plug-ins/file-ff.disabled

Run with reduced privileges (all platforms)

Run GIMP as a non-admin user to limit exploit impact.

🧯 If You Can't Patch

  • Block FF files at network perimeter/email gateway
  • Educate users to never open FF files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check the installed GIMP version and compare it against the first release that contains the fix from merge request 2448.

Check Version:

gimp --version

Verify Fix Applied:

Verify that the GIMP version is updated and test opening known safe FF files.

📡 Detection & Monitoring

Log Indicators:

  • GIMP crash logs with FF file parsing errors
  • Unexpected process spawns from GIMP

Network Indicators:

  • Downloads of FF files from suspicious sources

SIEM Query:

Process:gimp AND (FileExtension:ff OR FileName:*.ff)
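Added example, not part of this advisory: a small Python detector that applies the two log indicators above (and the SIEM query's *.ff clause) to constructed process-creation events. The pipe-separated event format, the sample events and the allowlist of expected GIMP child processes are assumptions to adapt to your own telemetry.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample process-creation events (not real telemetry). Each line is
# "parent_image|image|command_line", a shape most EDR/auditd exporters can emit.
SAMPLE_EVENTS = [
    "explorer.exe|gimp-2.10.exe|gimp-2.10.exe C:\\Users\\bob\\Downloads\\photo.ff",
    "gimp-2.10.exe|cmd.exe|cmd.exe /c whoami",
    "bash|gimp|gimp /home/alice/Pictures/holiday.jpg",
    "gimp|file-ff|/usr/lib/gimp/2.0/plug-ins/file-ff -gimp 12 13 -run 0",
    "gimp|sh|sh -c id",
]

# Children GIMP is expected to spawn: its own file plug-ins, script hosts and
# helper binaries (assumed allowlist; extend it for your deployment).
EXPECTED_CHILD_RE = re.compile(r"^(file-[\w-]+|script-fu|python-fu|gimp[\w.-]*)(\.exe)?$")
# An .ff argument anywhere on the command line (the SIEM query's *.ff clause).
FF_ARG_RE = re.compile(r"\S+\.ff\b", re.IGNORECASE)


def basename(path: str) -> str:
    # Last path component for both '/' and '\' separators.
    return re.split(r"[\\/]", path)[-1]


def parse_event(line: str) -> Dict[str, str]:
    parent, image, cmdline = line.split("|", 2)
    return {"parent": basename(parent), "image": basename(image), "cmdline": cmdline}


def is_gimp(image: str) -> bool:
    return image.lower().startswith("gimp")


def classify(event: Dict[str, str]) -> List[str]:
    """Return the indicator names this event triggers (possibly none)."""
    findings = []
    # Indicator 1: GIMP handling an FF file (worth reviewing, not malicious on its own).
    if is_gimp(event["image"]) and FF_ARG_RE.search(event["cmdline"]):
        findings.append("gimp-opened-ff")
    # Indicator 2: GIMP spawning something other than its own plug-ins.
    if is_gimp(event["parent"]) and not EXPECTED_CHILD_RE.match(event["image"].lower()):
        findings.append("unexpected-child-of-gimp")
    return findings


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(indicator, image, command_line) for every event that triggers an indicator."""
    hits = []
    for line in lines:
        event = parse_event(line)
        hits.extend((name, event["image"], event["cmdline"]) for name in classify(event))
    return hits
```

Run `scan(SAMPLE_EVENTS)` against the constructed events: the FF open is reported for review, the two shell children of GIMP are flagged, and GIMP launching its own file-ff plug-in is not.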
