How serious is CVE-2025-61145?

This vulnerability has a CVSS score of 5 out of 10, classified as MEDIUM severity. No public exploit code has been identified yet.

Which products are affected by CVE-2025-61145?

CVE-2025-61145 affects libtiff libtiff. Check the full CVE details for specific version information.

How do I fix CVE-2025-61145?

To remediate CVE-2025-61145, check for security patches from libtiff. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-61145

Medium

|5.0

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to potentially crash the libtiff software or execute arbitrary code by exploiting a flaw in the tiffcrop tool, which can happen if the attacker can manipulate the input files processed by this tool. To take advantage of this issue, the attacker needs to provide specially crafted TIFF files to the application using libtiff, which could be done through file uploads or other means of file handling.

Technical Description

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.

CVSS Vector Analysis

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionRequired

Confidentiality ImpactNone

Integrity ImpactNone

Availability ImpactHigh

ScopeUnchanged

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$672($500-$1K)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Feb 23, 2026

about 1 month ago

Last Modified

Feb 25, 2026

about 1 month ago

Vendor

libtiff

Product

libtiff

Related Vulnerabilities

CVE-2025-61144High

This vulnerability allows an attacker to execute malicious code on a system by exploiting a stack overflow in the libtiff library when processing specially crafted TIFF images. To be successful, the attacker needs to convince the victim to open a manipulated TIFF file, which could lead to unauthorized access or control over the affected system.

CVE-2025-61143Medium

This vulnerability allows an attacker to crash applications that use the libtiff library by exploiting a flaw in how the library handles certain image files, leading to a program failure. To take advantage of this, the attacker must be able to provide a specially crafted TIFF file to the application.

CVE-2023-52356High

An attacker can exploit a flaw in libtiff to crash applications by sending a specially crafted TIFF file, which can lead to a denial of service. This vulnerability occurs when the TIFFReadRGBATileExt() function processes the malicious file, causing the program to fail unexpectedly.

CVE-2023-52355High

This vulnerability allows an attacker to crash applications that use the libtiff library by sending them a specially crafted TIFF file, which can be as small as 379 KB. To exploit this flaw, the attacker needs to get the target to open the malicious TIFF file, leading to a denial of service.

CVE-2017-5225Critical

This vulnerability allows an attacker to potentially run malicious code on a system or crash it by tricking the libtiff tool into processing a specially crafted image file with a manipulated BitsPerSample value. The attacker needs to have access to a vulnerable version of the libtiff tool to exploit this weakness.