Dependency Vulnerability on SixLabors.ImageSharp #131

@b4n4n4j03

Our DevOps Pipeline Microsoft Security Analyzers are reporting the following error:

High (CVSS 7.5)
Package: SixLabors.ImageSharp
Installed Version: 3.1.5
Vulnerability CVE-2025-27598
Severity: HIGH
Fixed Version: 3.1.7, 2.1.10
Link: CVE-2025-27598

Per my understanding, IronSoftware.System.Drawing depends on SixLabors.ImageSharp version 3.1.5 (and 2.1.9 for netstandard2.0). There should be fixed versions 3.1.7 and 2.1.10.
As I saw, there is already an approved pull request in your repository with the correct versions:
#130

Usages
root/.nuget/packages/ironsoftware.system.drawing/2025.3.5/lib/net60/IronSoftware.Drawing.Common.deps.json: SixLabors.ImageSharp@3.1.5
root/.nuget/packages/ironsoftware.system.drawing/2025.3.5/lib/netstandard2.0/IronSoftware.Drawing.Common.deps.json: SixLabors.ImageSharp@2.1.9
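
A way to run the same check locally over a `deps.json` file, as an added example that is not part of the original issue or of the IronSoftware code: it flags `SixLabors.ImageSharp` entries below the fixed versions named above, comparing version parts numerically so that 2.1.9 sorts below 2.1.10. The function names and the sample document are constructed, and it assumes the standard `libraries` section keyed `PackageId/Version`.

```python
import json

# Fixed versions per release line, as stated in the issue for CVE-2025-27598.
FIXED = {3: (3, 1, 7), 2: (2, 1, 10)}
PACKAGE = "SixLabors.ImageSharp"


def parse_version(text):
    """Turn '3.1.5' into (3, 1, 5); prerelease/build suffixes are dropped."""
    core = text.split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))


def vulnerable_entries(deps_json_text):
    """Return [(version, fixed_version)] for affected PACKAGE entries."""
    doc = json.loads(deps_json_text)
    findings = []
    # The "libraries" section of a .NET deps.json is keyed "PackageId/Version".
    for key in doc.get("libraries", {}):
        name, _, version = key.partition("/")
        # NuGet package IDs are case-insensitive.
        if name.lower() != PACKAGE.lower() or not version:
            continue
        parsed = parse_version(version)
        fixed = FIXED.get(parsed[0])
        # Only the 2.x and 3.x lines have a fixed version named in the issue.
        if fixed is not None and parsed < fixed:
            findings.append((version, ".".join(map(str, fixed))))
    return findings


# Constructed sample, trimmed to the one section the check reads.
SAMPLE_NET60 = json.dumps({
    "libraries": {
        "IronSoftware.Drawing.Common/2025.3.5": {"type": "project"},
        "SixLabors.ImageSharp/3.1.5": {"type": "package"},
    }
})

if __name__ == "__main__":
    for found, fixed in vulnerable_entries(SAMPLE_NET60):
        print(f"{PACKAGE} {found} is below fixed version {fixed}")
```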
