Local File Disclosure in ImageMagick Affects Multiple Versions
CVE-2026-25965

8.6HIGH

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 24 February 2026

🔔 Create Imagemagick Vulnerability Alert

What is CVE-2026-25965?

ImageMagick is a popular open-source software suite for digital image manipulation. Prior to the release of versions 7.1.2-15 and 6.9.13-40, a significant vulnerability was present that allowed the bypass of path security policies through path traversal techniques. This flaw enables unauthorized access to sensitive files, as the filesystem resolves the traversal but the security policy only recognizes the unnormalized path. The implications of this vulnerability can lead to local file disclosure, even when security measures such as policy-secure.xml are in place. Users are advised to update to the latest versions and implement additional protections in their security policies.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ImageMagick >= 7.0.0, < 7.1.2-15 < 7.0.0, 7.1.2-15

ImageMagick < 6.9.13-40 < 6.9.13-40

References

https://github.com/ImageMagick/ImageMagick/security/advis...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 24, 2026
Vulnerability Reserved
Feb 9, 2026

JSON

Imagemagick

What is CVE-2026-25965?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.