Out-of-Bounds Read Vulnerability in Exiv2 C++ Image Metadata Library
CVE-2025-54080

1.8LOW

Key Information:

Vendor: Exiv2
Status: Exiv2
Vendor: CVE Published:; 29 August 2025

What is CVE-2025-54080?

Exiv2, a C++ library for managing image metadata, is susceptible to an out-of-bounds read vulnerability when processing carefully crafted image files. This issue arises specifically during the metadata writing operation, potentially leading to a denial of service by crashing the Exiv2 utility if exploited. Users are recommended to update to version 0.28.6 or later to mitigate this vulnerability and enhance application stability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

exiv2 < 0.28.6

References

https://github.com/Exiv2/exiv2/security/advisories/GHSA-4...

x_refsource_CONFIRM

https://github.com/Exiv2/exiv2/commit/e737332427711f15bcd...

x_refsource_MISC

CVSS V4

Score:

1.8

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Aug 29, 2025
Vulnerability Reserved
Jul 16, 2025

JSON

Exiv2