CVE-2025-15564 – This vulnerability in Mapnik up to version 4.2.... (How to Fix)

Q: What is the severity of CVE-2025-15564?

CVE-2025-15564 has a CVSS score of 3.3 (LOW). This vulnerability in Mapnik up to version 4.2.0 allows local attackers to trigger a divide-by-zero error in the mapnik::detail::mod operator. This could cause denial of service by crashing the application. Only users running Mapnik with local access are affected.

📋 TL;DR

This vulnerability in Mapnik up to version 4.2.0 allows local attackers to trigger a divide-by-zero error in the mapnik::detail::mod operator. This could cause denial of service by crashing the application. Only users running Mapnik with local access are affected.

💻 Affected Systems

Products:

Mapnik

Versions: Up to and including 4.2.0

Operating Systems: All platforms running Mapnik

Default Config Vulnerable: ⚠️ Yes

Notes: Only exploitable by users with local access to the system running Mapnik.

📦 What is this software?

Mapnik by Mapnik

View all CVEs affecting Mapnik →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Application crash leading to denial of service for Mapnik-dependent services, potentially disrupting map rendering workflows.

🟠

Likely Case

Local user causes Mapnik process to crash, requiring restart of affected services.

🟢

If Mitigated

Minimal impact with proper privilege separation and monitoring in place.

🌐 Internet-Facing: LOW - Attack requires local access, not remotely exploitable.

🏢 Internal Only: MEDIUM - Local users could disrupt Mapnik services, but requires existing local access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires local access and knowledge of triggering the vulnerable function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

No official patch available. Monitor Mapnik repository for updates. Consider upgrading to future versions when fix is released.

🔧 Temporary Workarounds

Restrict local access

all

Limit local user access to systems running Mapnik to trusted users only.

Implement process monitoring

all

Monitor Mapnik processes for crashes and implement automatic restart mechanisms.

🧯 If You Can't Patch

Implement strict access controls to limit local users who can interact with Mapnik processes
Deploy monitoring and alerting for Mapnik process crashes with automated recovery procedures

🔍 How to Verify

Check if Vulnerable:

Check Mapnik version: mapnik-config --version. If version is 4.2.0 or earlier, system is vulnerable.

Check Version:

mapnik-config --version

Verify Fix Applied:

When patch is available, verify version is greater than 4.2.0 using mapnik-config --version.

📡 Detection & Monitoring

Log Indicators:

Mapnik process crashes
Divide-by-zero errors in application logs
SIGFPE signals

Network Indicators:

None - local exploit only

SIEM Query:

Process:Name="mapnik" AND EventID="1000" OR ExceptionCode="0xc0000094"

📊 Metadata

CVE ID: CVE-2025-15564

CVSS v3 Score: 3.3 (LOW)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE: CWE-369

EPSS Score: 0.01% exploit probability (2.5th percentile)

Published: February 7, 2026

Last Updated: February 28, 2026

🔗 References

https://github.com/mapnik/mapnik/ Product
https://github.com/mapnik/mapnik/issues/4545 Exploit,Issue Tracking
https://github.com/oneafter/1219/blob/main/repro Exploit
https://vuldb.com/?ctiid.344502 Permissions Required,VDB Entry
https://vuldb.com/?id.344502 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.743386 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15564, you might also want to check these: