Cyber Resilience

CVE-2025-25723

HighPublic PoC

Published: 28 February 2025

Published
28 February 2025
Modified
25 September 2025
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 20.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25723 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Gpac Gpac. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 20.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-25723 is a buffer overflow vulnerability (CWE-120) in GPAC version 2.5. This flaw enables a local attacker to execute arbitrary code on affected systems running the vulnerable version of the GPAC multimedia framework.

The vulnerability can be exploited by a local attacker requiring only local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N), with an unchanged scope (S:U). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS 3.1 base score of 8.4.

Mitigation is available through a patch in the GPAC GitHub repository at commit 74e26b8dfeb0ab8c7317603b80a18306d0698473. Additional details on the issue are documented in GPAC GitHub issue #3089.

EU & UK References

Vulnerability details

Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Buffer overflow in GPAC (client multimedia framework) enables local arbitrary code execution with no privileges required, directly mapping to Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-50664Same product: Gpac Gpac
CVE-2025-70298Same product: Gpac Gpac
CVE-2026-27821Same product: Gpac Gpac
CVE-2025-70308Same product: Gpac Gpac
CVE-2025-70307Same product: Gpac Gpac
CVE-2025-70304Same product: Gpac Gpac
CVE-2026-1418Same product: Gpac Gpac
CVE-2026-33144Same product: Gpac Gpac
CVE-2020-37024Shared CWE-120
CVE-2025-25565Shared CWE-120

Affected Assets

gpac
gpac
2.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely identification, testing, and installation of patches to remediate the buffer overflow vulnerability in GPAC version 2.5.

prevent

Provides memory safeguards like non-executable memory and address space randomization to block arbitrary code execution from the buffer overflow exploit.

detect

Requires vulnerability scanning that identifies the presence of CVE-2025-25723 in GPAC, enabling proactive remediation.

References