Wiz
Vulnerability DatabaseCVE-2025-48798

CVE-2025-48798
Linux Debian vulnerability analysis and mitigation

Overview

CVE-2025-48798 is a security vulnerability affecting the GIMP image editor's XCF parser component, discovered and disclosed on May 26, 2025. The vulnerability affects multiple versions of Red Hat Enterprise Linux (RHEL) including versions 6, 7, 8, and 9. This issue has been classified with a CVSS v3 Base Score of 7.3, indicating a high severity level (Red Hat Security).

Technical details

The vulnerability has been identified as a use-after-free vulnerability (CWE-416) in the XCF parser component of GIMP. The issue occurs during the parsing of XCF format files, which is GIMP's native image format. With a CVSS v3 Base Score of 7.3, the vulnerability requires local access with low attack complexity (Red Hat Security API).

Impact

The use-after-free vulnerability in the XCF parser could potentially lead to arbitrary code execution or system crashes when processing maliciously crafted XCF files. This poses a significant risk to systems where GIMP is installed and used to process untrusted XCF files (Red Hat Security API).

Mitigation and workarounds

The vulnerability affects multiple versions of Red Hat Enterprise Linux (RHEL 6, 7, 8, and 9). Users are advised to monitor for and apply security updates as they become available through their respective package management systems (Red Hat Security API).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo