Login Sign Up

CVE-2025-52456

8.8 HIGH
Remote Code Execution

📋 TL;DR

A memory corruption vulnerability in the SAIL Image Decoding Library's WebP animation decoder allows remote code execution via specially crafted .webp files. When an integer overflow occurs during stride calculation, it leads to heap buffer overflow. Any application using SAIL Library v0.9.8 for WebP image processing is affected.

💻 Affected Systems

Products:
  • SAIL Image Decoding Library
Versions: v0.9.8
Operating Systems: All platforms where SAIL Library is used
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses SAIL Library to decode WebP animations is vulnerable. The vulnerability requires processing a malicious WebP file.

📦 What is this software?

Sail by Sail

View all CVEs affecting Sail →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the application processing the malicious WebP file, potentially leading to full system compromise.

🟠

Likely Case

Application crash (denial of service) or limited code execution within the application context.

🟢

If Mitigated

Application crash without code execution if memory protections (ASLR, DEP) are effective.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires convincing the application to load a malicious WebP file. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.9.9 or later

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224

Restart Required: Yes

Instructions:

1. Check current SAIL Library version. 2. Update to v0.9.9 or later from official repository. 3. Rebuild any applications using the library. 4. Restart affected services.

🔧 Temporary Workarounds

Disable WebP animation processing

all

Configure applications to reject or skip WebP animation files if possible.

Application-specific configuration required

Input validation for WebP files

all

Implement file validation to reject suspicious WebP files before processing.

Custom implementation required based on application

🧯 If You Can't Patch

  • Implement strict file upload controls to prevent malicious WebP files from reaching vulnerable systems.
  • Use application sandboxing or containerization to limit potential damage from exploitation.

🔍 How to Verify

Check if Vulnerable:

Check if SAIL Library v0.9.8 is installed and used by applications for WebP decoding.

Check Version:

sail-config --version or check library files for version information

Verify Fix Applied:

Verify SAIL Library version is v0.9.9 or later and applications have been rebuilt with the updated library.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing WebP files
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual file uploads of WebP files to vulnerable endpoints

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "access violation" OR "heap corruption") AND process="*sail*"

📊 Metadata

CVE ID: CVE-2025-52456
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-680
EPSS Score: 0.2% exploit probability (41.5th percentile)
Published: August 25, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-52456, you might also want to check these:

CVE-2020-13576 9.8

A remote code execution vulnerability exists in the WS-Addressing plugin of Genivia gSOAP 2.8.107. A...

Same vulnerability type (CWE-680)
CVE-2021-21783 9.8

This vulnerability allows remote code execution in Genivia gSOAP's WS-Addressing plugin. Attackers c...

Same vulnerability type (CWE-680)
CVE-2024-33078 9.8

CVE-2024-33078 is a critical buffer overflow vulnerability in Tencent Libpag v4.3 that allows remote...

Same vulnerability type (CWE-680)