
CVE-2025-48796: Stack-based Buffer Overflow

Severity: High
Type: Vulnerability
Published: Tue May 27 2025 (05/27/2025, 14:04:55 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Enterprise Linux 6

Description

A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens .ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution.

AI-Powered Analysis

Last updated: 11/20/2025, 08:43:15 UTC

Technical Analysis

CVE-2025-48796 is a stack-based buffer overflow vulnerability identified in the GIMP image editor, specifically within the ani_load_image() function responsible for processing ANI (animated cursor) files. The flaw arises because the function does not properly validate the size of data loaded from ANI files, allowing an attacker to supply a specially crafted ANI file that exceeds the buffer capacity on the stack. This overflow can overwrite adjacent memory, enabling arbitrary code execution with the privileges of the user running GIMP. The vulnerability is present in Red Hat Enterprise Linux 6 distributions that include GIMP. Exploitation requires a local attacker with low privileges (PR:L) and user interaction (UI:R) to open the malicious ANI file. The CVSS v3.1 base score is 7.3, reflecting high impact on confidentiality, integrity, and availability, but limited attack vector (local) and requirement for user action. No public exploits are known at this time, but the vulnerability poses a significant risk due to the potential for privilege escalation or system compromise if exploited. The flaw highlights the risks of processing untrusted image files in desktop applications and the importance of secure coding practices in image parsing functions.

Potential Impact

For European organizations, this vulnerability could lead to local system compromise if users open malicious ANI files in GIMP. This may result in unauthorized access to sensitive data, disruption of services, or use of compromised systems as footholds for further network attacks. Organizations in sectors such as media, design, and government that utilize GIMP on Red Hat Enterprise Linux 6 desktops or workstations are particularly at risk. The impact extends to confidentiality, integrity, and availability of affected systems. Although the attack vector is local and requires user interaction, social engineering or phishing could be used to trick users into opening malicious files. The lack of known exploits reduces immediate risk, but the high severity score and potential damage warrant proactive mitigation. Legacy systems still running RHEL 6 may be more vulnerable due to outdated software and limited patch support.

Mitigation Recommendations

1. Apply security patches from Red Hat as soon as they become available to address the vulnerability in GIMP.
2. If patches are not yet available, restrict or disable the opening of ANI files within GIMP or via file association policies.
3. Employ application sandboxing or containerization to limit the impact of potential exploitation of GIMP.
4. Use endpoint protection solutions that can detect and block exploitation attempts or anomalous behavior related to buffer overflows.
5. Educate users on the risks of opening untrusted or unsolicited ANI files, emphasizing caution with email attachments and downloads.
6. Consider upgrading from Red Hat Enterprise Linux 6 to a more recent, supported version with updated software stacks.
7. Implement strict file integrity monitoring and logging to detect suspicious activity related to GIMP or ANI file handling.
8. Use application whitelisting to prevent unauthorized execution of unknown or untrusted binaries that could result from exploitation.
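Restricting or monitoring ANI files (items 2 and 7) only works if files are recognised by content, since an ANI file can carry any extension. The following is an added example, not part of the original advisory or of GIMP's code: it identifies ANI files by their RIFF/ACON header and flags chunk sizes that run past the end of the file. The function names and sample bytes are constructed for illustration.

```python
import struct

def riff_chunks(data: bytes):
    """Yield (chunk_id, declared_size, fits) for each top-level RIFF chunk."""
    pos = 12  # skip 'RIFF', the 4-byte size and the 4-byte form type
    while pos + 8 <= len(data):
        cid, size = struct.unpack_from("<4sI", data, pos)
        fits = pos + 8 + size <= len(data)
        yield cid.decode("latin-1"), size, fits
        if not fits:
            return  # cannot trust offsets past a chunk that overruns the file
        pos += 8 + size + (size & 1)  # chunk payloads are padded to even length

def inspect_ani(data: bytes):
    """Return None for non-ANI data, else the chunk list and a malformed flag."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return None
    declared = struct.unpack_from("<I", data, 4)[0]
    chunks = list(riff_chunks(data))
    # Structural check only: a size that fits the file can still exceed a
    # parser's fixed buffer, so this is triage, not a detector for the CVE.
    malformed = declared + 8 > len(data) or any(not f for _, _, f in chunks)
    return {"chunks": [(c, s) for c, s, _ in chunks], "malformed": malformed}

def _riff(form: bytes, body: bytes) -> bytes:
    """Build a constructed RIFF container for the samples below."""
    return b"RIFF" + struct.pack("<I", len(form) + len(body)) + form + body

# Constructed samples (not real cursor files).
SAMPLE_OK = _riff(b"ACON", b"anih" + struct.pack("<I", 36) + bytes(36))
SAMPLE_BAD = _riff(b"ACON", b"anih" + struct.pack("<I", 0xFFFF) + bytes(36))
SAMPLE_WAV = _riff(b"WAVE", b"fmt " + struct.pack("<I", 16) + bytes(16))

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            info = inspect_ani(fh.read())
        if info is not None:  # ANI by content, whatever the extension says
            print(path, "ANI", "MALFORMED" if info["malformed"] else "ok", info["chunks"])
```

Run it over files from a mail quarantine or shared upload directory to list which ones are ANI containers before they reach a workstation with an unpatched GIMP.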


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2025-05-26T10:51:51.496Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6835c887182aa0cae214dc92

Added to database: 5/27/2025, 2:13:27 PM

Last enriched: 11/20/2025, 8:43:15 AM

Last updated: 11/21/2025, 5:20:45 AM
