CVE-2025-14425

7.8 HIGH

📋 TL;DR

This vulnerability in GIMP allows an attacker to execute arbitrary code by tricking a user into opening a malicious JP2 (JPEG 2000) image file. GIMP's JP2 loader uses length values taken from the file without validating them against the data actually present, leading to a heap buffer overflow. Any GIMP user who opens an untrusted JP2 file is affected; the attacker's code runs with that user's privileges.
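The length check the TL;DR refers to, shown on the JP2 container format. This is an added illustration, not GIMP's code and not the patched function: a JP2 file is a sequence of boxes, each starting with a 32-bit big-endian length (LBox) and a four-character type (TBox), where LBox = 1 means a 64-bit length (XLBox) follows the header and LBox = 0 means "to end of file". The first function copies a box payload trusting LBox, which is the class of bug described above; the second walks the boxes and refuses any whose declared length is smaller than its own header or larger than the bytes remaining. The byte arrays are constructed samples for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Big-endian readers for the JP2 box header fields. */
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static uint64_t rd64(const uint8_t *p)
{
    return ((uint64_t)rd32(p) << 32) | rd32(p + 4);
}

/* VULNERABLE PATTERN (illustrative, not GIMP's code): the declared box
 * length is trusted as-is. A file claiming LBox = 0x7FFFFFF0 makes memcpy
 * read far past the input and write far past `out`; when `out` is a heap
 * buffer sized from some other field, that is a heap buffer overflow. */
static size_t copy_box_payload_unchecked(const uint8_t *box, size_t box_avail,
                                         uint8_t *out, size_t out_cap)
{
    uint32_t lbox = rd32(box);
    (void)box_avail; (void)out_cap;   /* the bug: neither bound is consulted */
    memcpy(out, box + 8, lbox - 8);
    return lbox;
}

/* HARDENED: walk the box sequence, checking every declared length against
 * the bytes actually present before using it. Stores the box types seen
 * in `types`. Returns the box count, or -1 if the input is malformed
 * (truncated header, length smaller than its own header, or length
 * reaching past the end of the input). */
int walk_jp2_boxes(const uint8_t *buf, size_t buf_len, char types[][5], int max_boxes)
{
    size_t off = 0;
    int n = 0;

    while (off < buf_len) {
        size_t remain = buf_len - off;
        if (remain < 8)
            return -1;                    /* not even a full LBox+TBox header */

        uint64_t lbox = rd32(buf + off);
        size_t hdr = 8;
        if (lbox == 1) {                  /* XLBox: 64-bit length follows */
            if (remain < 16)
                return -1;
            lbox = rd64(buf + off + 8);
            hdr = 16;
        } else if (lbox == 0) {           /* box runs to the end of the data */
            lbox = remain;
        }

        if (lbox < hdr || lbox > remain)  /* the two checks the overflow relies on */
            return -1;

        if (n < max_boxes) {
            memcpy(types[n], buf + off + 4, 4);
            types[n][4] = '\0';
        }
        n++;
        off += (size_t)lbox;              /* cannot overflow: lbox <= remain */
    }
    return n;
}

/* Constructed sample: a minimal well-formed JP2 prefix, the 12-byte
 * signature box followed by a 20-byte 'ftyp' box. */
const uint8_t good_jp2[] = {
    0x00,0x00,0x00,0x0C, 'j','P',' ',' ', 0x0D,0x0A,0x87,0x0A,
    0x00,0x00,0x00,0x14, 'f','t','y','p', 'j','p','2',' ',
    0x00,0x00,0x00,0x00, 'j','p','2',' ',
};

/* Constructed malicious sample: the same signature box, then an 'ftyp'
 * box whose LBox claims ~2 GiB although only 12 bytes follow. */
const uint8_t bad_jp2[] = {
    0x00,0x00,0x00,0x0C, 'j','P',' ',' ', 0x0D,0x0A,0x87,0x0A,
    0x7F,0xFF,0xFF,0xF0, 'f','t','y','p', 'j','p','2',' ',
};

/* Constructed sample using the 64-bit XLBox form: 16-byte header + 4 bytes. */
const uint8_t xl_jp2[] = {
    0x00,0x00,0x00,0x01, 'u','u','i','d',
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x14,
    0xAA,0xBB,0xCC,0xDD,
};

int count_boxes_good(void)  { char t[8][5]; return walk_jp2_boxes(good_jp2, sizeof good_jp2, t, 8); }
int count_boxes_bad(void)   { char t[8][5]; return walk_jp2_boxes(bad_jp2,  sizeof bad_jp2,  t, 8); }
int count_boxes_xlbox(void) { char t[8][5]; return walk_jp2_boxes(xl_jp2,   sizeof xl_jp2,   t, 8); }

int main(void)
{
    char types[8][5];
    int n = walk_jp2_boxes(good_jp2, sizeof good_jp2, types, 8);
    printf("good_jp2: %d boxes", n);
    for (int i = 0; i < n; i++)
        printf(" [%s]", types[i]);
    printf("\nbad_jp2: %d (rejected)\n", walk_jp2_boxes(bad_jp2, sizeof bad_jp2, types, 8));

    /* Only safe here because good_jp2's first box really is 12 bytes long;
     * pointed at bad_jp2's second box it would try to copy ~2 GiB. */
    uint8_t payload[8];
    size_t used = copy_box_payload_unchecked(good_jp2, sizeof good_jp2, payload, sizeof payload);
    printf("unchecked copy consumed %zu bytes of the signature box\n", used);
    return 0;
}
```

Note that the hardened walker never advances by an unchecked value: `off += lbox` is only reached after `lbox <= remain` has been established, so the offset can neither wrap nor run past the buffer, and a zero-length box is mapped to the remaining size before the same check is applied.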

💻 Affected Systems

Products:
  • GIMP (GNU Image Manipulation Program)
Versions: Builds prior to commit cd1c88a0364ad1444c06536731972a99bd8643fd
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All GIMP installations that can open JP2 files are vulnerable by default. No special configuration required.

📦 What is this software?

GIMP (GNU Image Manipulation Program) is a free and open-source raster image editor for Linux, Windows and macOS. File formats are handled by separate plug-in processes; JP2 (JPEG 2000) files are loaded by the file-jp2-load plug-in, which is the component affected here.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with the attacker gaining the same privileges as the GIMP user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Arbitrary code execution with the privileges of the user who opened the file, typically malware installation and data exfiltration. The bug itself grants no extra privileges; escalation beyond the user's rights would require a separate vulnerability.

🟢 If Mitigated

Crash of the JP2 loader plug-in (denial of service for that file) if the exploit fails or security controls prevent code execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file) but no authentication. ZDI validates reported cases with a proof-of-concept from the researcher, so a working trigger file exists even though none has been published; a reliable code-execution exploit additionally has to defeat the platform's memory-safety mitigations (ASLR, hardened heap allocators), hence the MEDIUM complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GIMP with commit cd1c88a0364ad1444c06536731972a99bd8643fd or later

Vendor Advisory: https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd

Restart Required: Yes

Instructions:

1. Update GIMP through your distribution's package manager (apt, yum, dnf, etc.) or download the latest version from gimp.org.
2. Restart GIMP after the update.
3. Verify that the installed version includes the fix commit.

🔧 Temporary Workarounds

Disable JP2 file support

linux

Move the JP2 loader plug-in (file-jp2-load) out of GIMP's plug-in directory so that GIMP can no longer open JP2/J2K files at all; GIMP then reports an unknown file type instead of parsing the data. Requires root; the plug-in directory path depends on the distribution and GIMP version (gimp/2.0 for GIMP 2.10, gimp/3.0 for GIMP 3.x; Debian-based systems use /usr/lib/<triplet>/gimp/...). Flatpak, Snap and Windows/macOS installs keep the plug-in under their own install tree, at lib/gimp/<version>/plug-ins/file-jp2-load. Move the plug-in back to restore JP2 support after patching.

mkdir -p ~/backup
# Move whichever of the common locations exist; errors for absent paths are suppressed.
sudo mv /usr/lib/gimp/2.0/plug-ins/file-jp2* /usr/lib64/gimp/2.0/plug-ins/file-jp2* ~/backup/ 2>/dev/null
sudo mv /usr/lib/gimp/3.0/plug-ins/file-jp2* /usr/lib64/gimp/3.0/plug-ins/file-jp2* ~/backup/ 2>/dev/null

Block JP2 files at perimeter

all

Configure email/web filters to block JP2 files. Match on content type (image/jp2) and on the file's magic bytes (the 12-byte signature box 00 00 00 0C 6A 50 20 20 0D 0A 87 0A) rather than only on the .jp2 extension, since a renamed file is still parsed by the same loader when a user opens it in GIMP; the same plug-in also loads raw JPEG 2000 codestreams (.j2k, starting with FF 4F FF 51), so block those too.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized code execution
  • Run GIMP in sandboxed environment or with reduced privileges

🔍 How to Verify

Check if Vulnerable:

GIMP is vulnerable if the installed build predates commit cd1c88a0364ad1444c06536731972a99bd8643fd and the file-jp2-load plug-in is present in its plug-in directory.

Check Version:

gimp --version

Verify Fix Applied:

Confirm that the installed package's changelog or release notes reference CVE-2025-14425 or the fix commit; for a source build, check that the commit is an ancestor of your checkout with `git merge-base --is-ancestor cd1c88a0364ad1444c06536731972a99bd8643fd HEAD`. Do not rely on "JP2 files no longer crash": a successful exploit does not crash, and a crash on one crafted file says nothing about others.

📡 Detection & Monitoring

Log Indicators:

  • Crash logs with memory access violations from the JP2 loader. GIMP runs file plug-ins as separate processes, so the crashing (or exploited) process is file-jp2-load with gimp as its parent, not the gimp process itself.
  • Unexpected child processes spawned by file-jp2-load or gimp (shells, script interpreters, downloaders)

Network Indicators:

  • Outbound connections from the file-jp2-load or gimp process to unknown IPs
  • Unusual data exfiltration patterns following a JP2 file being opened

SIEM Query (pseudo-syntax; event IDs 1000/1001 are Windows Application Error / Windows Error Reporting, substitute your EDR's crash event on Linux/macOS):

(process_name:("gimp*" OR "file-jp2-load*") AND event_id:(1000 OR 1001)) OR (parent_process_name:("gimp*" OR "file-jp2-load*") AND event_type:process_creation)

🔗 References
