CVE-2025-15059

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PSP files in GIMP. The heap-based buffer overflow occurs during PSP file parsing due to insufficient length validation. All GIMP users who open untrusted PSP files are affected.

💻 Affected Systems

Products:
  • GIMP
Versions: All versions prior to the fix commit 03575ac8cbb0ef3103b0a15d6598475088dcc15e
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected GIMP versions are vulnerable when processing PSP files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the GIMP user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or malware installation on the user's system when opening a malicious PSP file.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only crashing GIMP.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) but the vulnerability is well-documented and weaponization is likely given the RCE potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version containing commit 03575ac8cbb0ef3103b0a15d6598475088dcc15e

Vendor Advisory: https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e

Restart Required: No

Instructions:

1. Update GIMP to the latest version from official repositories.
2. For Linux: Use package manager (apt update && apt upgrade gimp).
3. For Windows/macOS: Download latest installer from gimp.org.

🔧 Temporary Workarounds

Disable PSP file support

linux

Remove or disable PSP file format plugin to prevent exploitation

mv /usr/lib/gimp/2.0/plug-ins/file-psp /usr/lib/gimp/2.0/plug-ins/file-psp.disabled

User education and file restrictions

all

Train users to avoid opening PSP files from untrusted sources and implement file type restrictions
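
The file type restriction above can be enforced on file content rather than on file names. The Python scanner below is an added example, not part of the original advisory or of GIMP. The signature bytes are the start of the PSP file header; the extension list and the sample files are assumptions constructed for the demonstration.

```python
"""Flag Paint Shop Pro (PSP) images by content, not by file extension."""
import os
import tempfile

# Leading bytes of the PSP file signature (taken from the PSP file format,
# not from this advisory). The full header pads this with NULs to 32 bytes.
PSP_MAGIC = b"Paint Shop Pro Image File\n\x1a"
# Assumption: extensions normally used for PSP data, used for reporting only.
PSP_EXTENSIONS = {".psp", ".pspimage", ".tub"}


def is_psp(path):
    """Return True if the file starts with the PSP signature."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(PSP_MAGIC)) == PSP_MAGIC
    except OSError:
        return False  # unreadable file: not matched


def find_psp_files(root):
    """Walk root and return sorted (relative_path, unexpected_ext) tuples.

    unexpected_ext is True when the content is PSP but the name lacks a PSP
    extension, i.e. a filter keyed on extensions would not have matched it.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Regular files only: skip symlinks, FIFOs and device nodes.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            if is_psp(full):
                ext = os.path.splitext(name)[1].lower()
                hits.append((os.path.relpath(full, root), ext not in PSP_EXTENSIONS))
    return sorted(hits)


def demo():
    """Scan a constructed sample tree (all file contents are made up)."""
    samples = {"photo.psp": PSP_MAGIC + b"\0" * 5,   # PSP header, PSP name
               "export.png": PSP_MAGIC + b"\0" * 5,  # PSP header, other name
               "notes.psp": b"plain text",           # PSP name, other content
               "tiny.psp": b"Paint"}                 # shorter than the signature
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_psp_files(root)
```

Point `find_psp_files()` at a download or attachment directory to list files that should be held back from GIMP until the patched version is installed.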

🧯 If You Can't Patch

  • Run GIMP with reduced privileges (non-admin user account)
  • Use application sandboxing/containerization for GIMP

🔍 How to Verify

Check if Vulnerable:

Check GIMP version and compare with patched version containing commit 03575ac8cbb0ef3103b0a15d6598475088dcc15e

Check Version:

gimp --version

Verify Fix Applied:

Verify GIMP version is updated and test opening known safe PSP files

📡 Detection & Monitoring

Log Indicators:

  • GIMP crashes when processing PSP files
  • Unusual process spawning from GIMP

Network Indicators:

  • Outbound connections from GIMP process to unknown IPs

SIEM Query:

process_name:"gimp" AND (event_type:"crash" OR parent_process:"gimp")
