CVE-2026-25965 - Vulnerability Analysis
High | CVSS: 8.6 | Last Updated: February 25, 2026
ImageMagick - Local File Disclosure
Overview
ImageMagick versions before 7.1.2-15 and before 6.9.13-40 contain a local file disclosure vulnerability caused by a path traversal that bypasses the path security policy on raw filename strings, letting local attackers read sensitive files. Exploitation requires local file access.
Impact
Local attackers can bypass security policies to read sensitive files, potentially exposing confidential information.
Mitigation
Update to versions 7.1.2-15 or 6.9.13-40 or later.
Social Media Activity (1 post)
#OT #Advisory VDE-2026-021 WAGO: Multiple Vulnerabilities in WAGO VC Hub The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images. #CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798 https://certvde.com/en/advisories/vde-2026-021/ #CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
Details
- CVE ID: CVE-2026-25965
- Severity: High
- CVSS Score: 8.6
- Type: path_traversal
- Status: confirmed
- EPSS: 4.7%
- Social Posts: 1
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N