
CVE-2025-1594

Severity: Medium · Public PoC

Published: 23 February 2025
Modified: 03 June 2025
KEV Added: not listed
CVSS Score (v4): 5.3
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0012 (30.2nd percentile)
Risk Priority: 11 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1594 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in FFmpeg (vendor: FFmpeg). Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). EPSS ranks it at the 30.2nd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1594 is a stack-based buffer overflow vulnerability classified as critical in FFmpeg versions up to 7.1. It affects the ff_aac_search_for_tns function in the libavcodec/aacenc_tns.c file of the AAC Encoder component. The issue, linked to CWE-119, CWE-121, and CWE-787, was published on 2025-02-23.

The vulnerability enables remote exploitation through manipulated input. Per its CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, base score 6.3), it requires network access, low attack complexity, and no privileges, but does require user interaction. Attackers can achieve limited impacts on confidentiality, integrity, and availability. A proof-of-concept exploit has been publicly disclosed and may be used.

References include FFmpeg's official site, a POC attachment and comment on trac.ffmpeg.org/ticket/11418, and VulDB entries at vuldb.com/?ctiid.296589 and vuldb.com/?id.296589, which detail the vulnerability.


Vulnerability details

A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack-based buffer overflow in FFmpeg AAC encoder directly enables client-side exploitation via crafted media input (T1203: Exploitation for Client Execution).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-40962: same product (FFmpeg)
CVE-2024-35365: same product (FFmpeg)
CVE-2026-30997: same product (FFmpeg)
CVE-2026-30999: same product (FFmpeg)
CVE-2026-30998: same product (FFmpeg)
CVE-2023-6605: same product (FFmpeg)
CVE-2025-0840: shared CWE-119, CWE-121
CVE-2026-42482: shared CWE-121, CWE-787
CVE-2026-7323: shared CWE-119, CWE-787
CVE-2025-66048: shared CWE-121, CWE-787

Affected Assets

Vendor: ffmpeg · Product: ffmpeg · Versions: ≤ 7.1

Mitigating Controls (NIST 800-53 r5, AI-assigned)

Prevent (SI-2 Flaw Remediation): Directly remediates the stack-based buffer overflow by applying patches or upgrading FFmpeg beyond version 7.1.

Prevent (SI-16 Memory Protection): Implements memory protections such as stack canaries, ASLR, and DEP to prevent exploitation of the stack buffer overflow.

Prevent: Validates manipulated AAC inputs before processing by the vulnerable ff_aac_search_for_tns function to block overflow triggers.
