CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

CVE-2025-68950

CVE-2025-68950: The Ouroboros of Graphics - ImageMagick Recursive DoS

Alon Barad
Alon Barad
Software Engineer

Jan 1, 2026·5 min read·24 visits

Executive Summary (TL;DR)

ImageMagick forgot to stop MVG files from loading other MVG files. By creating two tiny text files that reference each other, an attacker can trigger infinite recursion, exhausting the stack and crashing the process. Fix: Upgrade to 7.1.2-12 or disable the MVG coder in policy.xml.

A classic recursion vulnerability in ImageMagick's MVG (Magick Vector Graphics) parser allows for infinite loops via self-referential image primitives. While officially rated as 'Local' access, this creates a trivial Denial of Service vector for any web application processing user-uploaded images.

Official Patches

ImageMagickOfficial patch commit on GitHub

Fix Analysis (1)

Technical Appendix

CVSS Score
4.0/ 10
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Probability
0.01%
Top 100% most exploited

Affected Systems

ImageMagick < 7.1.2-12Web applications utilizing ImageMagick for image processingContent Management Systems (CMS) with image upload features

Affected Versions Detail

Product
Affected Versions
Fixed Version
ImageMagick
ImageMagick Studio LLC
< 7.1.2-127.1.2-12
AttributeDetail
CWE IDCWE-674 (Uncontrolled Recursion)
CVSS v3.14.0 (Medium)
Attack VectorLocal (Remote via Upload)
ImpactDenial of Service (Stack Exhaustion)
EPSS Score0.00013
Patch Commit204718c

MITRE ATT&CK Mapping

T1499Endpoint Denial of Service
Impact
T1203Exploitation for Client Execution
Execution
CWE-674
Uncontrolled Recursion

Known Exploits & Detection

Manual AnalysisTwo-file circular dependency MVG PoC demonstrated in report.

Vulnerability Timeline

Patch Committed to GitHub
2024-02-12
CVE Published
2025-02-18

References & Sources

  • [1]ImageMagick GitHub Repository
  • [2]NVD Entry for CVE-2025-68950

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 2 hours ago•GHSA-74P7-6H78-GW8P
8.6

GHSA-74P7-6H78-GW8P: Multiple Critical Security Flaws in skillctl Agent-Skill Manager

An in-depth security audit of the skillctl command-line package manager revealed five critical and high-severity security vulnerabilities. The identified flaws span parameter-level command argument injection via the source_sha parameter, uncontrolled resource consumption (Denial of Service) through unnamed UNIX FIFOs and character devices, directory path traversal in the destination argument, commit-message trailer forgery via newline injection in skill names, and local credential exfiltration leveraging UNIX hardlinks. These vulnerabilities represent significant vectors for workstation compromise when executing agentic tasks in repositories containing untrusted files or pull requests. Remediation was introduced in version v0.1.3.

Alon Barad
Alon Barad
2 views•6 min read
•about 6 hours ago•CVE-2026-48153
8.5

CVE-2026-48153: Server-Side Request Forgery in Budibase OAuth2 SDK

CVE-2026-48153 is a Server-Side Request Forgery (SSRF) vulnerability in the Budibase OAuth2 SDK prior to version 3.39.0. It allows authenticated low-privileged users to bypass outbound network security blacklists and send arbitrary requests to internal subnets or cloud metadata services.

Alon Barad
Alon Barad
3 views•7 min read
•about 7 hours ago•GHSA-GHMH-JHMJ-WCMF
5.1

GHSA-GHMH-JHMJ-WCMF: Plaintext Storage of Enrollment Tokens at Rest in SQLite in nebula-mesh

The self-hosted Slack Nebula VPN control plane, nebula-mesh, stored high-privilege enrollment tokens in plaintext inside its SQLite database. This flaw allowed any adversary with read access to the database to retrieve pending tokens and enroll unauthorized hosts into the secure VPN mesh.

Alon Barad
Alon Barad
3 views•8 min read
•about 16 hours ago•GHSA-HVQH-JW65-WCPQ
6.1

GHSA-HVQH-JW65-WCPQ: Cross-Site Scripting (XSS) in devbridge-autocomplete

The devbridge-autocomplete package (jQuery-Autocomplete) fails to escape category headers and suggestion values when using default formatters formatGroup and formatResult. If suggestions contain untrusted input, arbitrary HTML and JavaScript execute directly in the victim's browser session.

Alon Barad
Alon Barad
3 views•6 min read
•about 20 hours ago•CVE-2024-37155
6.5

CVE-2024-37155: Security Bypass in OpenCTI GraphQL Introspection via Whitespace and Control Character Manipulation

OpenCTI versions prior to 6.1.9 fail to properly restrict GraphQL schema introspection queries due to a weak pattern-matching implementation. An unauthenticated attacker can bypass the introspection block list by stripping whitespace and carriage returns, enabling complete reconnaissance of the GraphQL schema.

Amit Schendel
Amit Schendel
5 views•5 min read
•about 21 hours ago•CVE-2025-58048
10.0

CVE-2025-58048: Remote Code Execution via Unrestricted Ticket Attachment Uploads in Paymenter

An unrestricted file upload vulnerability in Paymenter's support ticket system (prior to version 1.2.11) allows authenticated users to upload arbitrary PHP scripts to a web-accessible directory. The application fails to validate file extensions or MIME types before storing the files, enabling remote code execution under the web server's privilege context.

Amit Schendel
Amit Schendel
6 views•5 min read