Two critical security vulnerabilities were discovered in the popular GIMP image editing software. These vulnerabilities allow remote attackers to execute arbitrary code on affected systems. The flaws, identified as CVE-2025-2760 and CVE-2025-2761, were publicly disclosed on April 7th, 2025, and affect GIMP installations prior to version 3.0.0. Both vulnerabilities require user interaction to trigger successful exploitation. The vulnerabilities were discovered by security researcher Michael Randrianantenaina and reported through the Zero Day Initiative (ZDI). Each vulnerability carries a CVSS v3.0 base score of 7.8, indicating significant potential impacts on system confidentiality, integrity, and availability. Mitigation steps include upgrading to GIMP 3.0.0 or later versions and implementing security awareness training.
Source: https://cybersecuritynews.com/gimp-image-editor-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/gimp-org
"id": "gim323052725",
"linkid": "gimp-org",
"type": "Vulnerability",
"date": "5/2025",
"severity": "25",
"impact": "",
"explanation": "Attack without any consequences: Attack in which data is not compromised"
{'affected_entities': [{'industry': 'Image Editing', 'name': 'GIMP', 'type': 'Software'}],
 'attack_vector': ['Opening malicious files', 'Visiting compromised web pages'],
 'date_publicly_disclosed': '2025-04-07',
 'date_resolved': '2025-03-16',
 'description': 'Two critical security vulnerabilities discovered in the popular GIMP image editing software have been disclosed. These vulnerabilities allow remote attackers to execute arbitrary code on affected systems.',
 'lessons_learned': 'Implement security awareness training to educate users about the risks of opening untrusted image files',
 'motivation': 'Execute arbitrary code',
 'post_incident_analysis': {'corrective_actions': ['Implement proper input validation mechanisms'],
                            'root_causes': ['Insufficient validation of user-supplied data',
                                            'Integer overflow condition',
                                            'Out-of-bounds write condition']},
 'recommendations': 'Upgrade to GIMP 3.0.0 or later versions immediately to mitigate these vulnerabilities',
 'references': [{'source': 'Security vendors'}],
 'response': {'containment_measures': 'Implement proper input validation mechanisms',
              'remediation_measures': 'Upgrade to GIMP 3.0.0 or later versions'},
 'threat_actor': 'Remote attackers',
 'title': 'Critical Security Vulnerabilities in GIMP Image Editing Software',
 'type': 'Software Vulnerability',
 'vulnerability_exploited': ['CVE-2025-2760', 'CVE-2025-2761']}