CVE-2025-48798
7.3
HIGH
CVSS 3.1
EPSS 0.08%
Description
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
How to fix CVE-2025-48798
To remediate CVE-2025-48798, upgrade the affected package to a fixed version below.
- Debian/gimp—upgrade to 2.10.22-4+deb11u3 or later
Is CVE-2025-48798 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.10.22-4+deb11u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |