Cyber Posture

CVE-2025-25943

Severity: High | Public PoC

Published: 19 February 2025
Modified: 13 May 2025
KEV Added:
Patch:
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0027 (50.1st percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp.

Security Summary

CVE-2025-25943 is a buffer overflow vulnerability in Bento4 version 1.6.0-641. The flaw affects the AP4_Stz2Atom::AP4_Stz2Atom component in Ap4Stz2Atom.cpp and allows a local attacker to execute arbitrary code. Published on 2025-02-19, it is associated with CWE-94 (code injection) and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A local attacker with low privileges can exploit this vulnerability through low-complexity attacks requiring no user interaction. Successful exploitation grants arbitrary code execution with high impacts on confidentiality, integrity, and availability in the context of the affected process.

The primary reference for this CVE is a GitHub issue at https://github.com/axiomatic-systems/Bento4/issues/993, which may provide additional details on patches or mitigations.

Details

CWE(s)
CWE-94

Affected Products

Vendor: axiosys
Product: bento4
Version: 1.6.0-641

References