CVE-2025-26304

HighPublic PoC

Published: 20 February 2025

Published

20 February 2025

Modified

22 April 2025

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score 0.0035 57.3th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26304 is a high-severity Heap Inspection (CWE-244) vulnerability in Libming Libming. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 42.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the memory leak vulnerability in libming v0.4.8 through timely patching or library upgrades.

CM-7 Least Functionality good match

prevent

Restricts or prohibits non-essential SWF parsing capabilities that rely on vulnerable libming, eliminating exposure to remote exploitation.

SI-16 Memory Protection partial match

prevent

Implements memory safeguards to limit unauthorized disclosure of information from the parseSWF_EXPORTASSETS memory leak.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Memory leak in SWF parser enables remote network-triggered disclosure of local system memory contents (T1005); library usage in apps allows exploitation of public-facing services for info leak (T1190).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8.

Deeper analysisAI

CVE-2025-26304 is a memory leak vulnerability identified in the parseSWF_EXPORTASSETS function within util/parser.c of libming version 0.4.8. This issue, published on 2025-02-20, is classified under CWE-244 and carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), indicating high severity primarily due to its potential for information disclosure.

Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction. Successful exploitation allows attackers to achieve high-impact confidentiality loss through memory leakage, alongside low-impact integrity modification, without affecting availability or changing the scope of impact.

For mitigation details, refer to the advisory in the GitHub issue at https://github.com/libming/libming/issues/323.

Details

CWE(s): CWE-244

Affected Products

libming

0.4.8

CVEs Like This One

CVE-2025-26305Same product: Libming Libming

CVE-2025-29484Same product: Libming Libming

CVE-2025-29487Same product: Libming Libming

CVE-2025-70873Shared CWE-244

CVE-2025-1722Shared CWE-244

CVE-2026-20039Shared CWE-244

CVE-2025-1719Shared CWE-244

References

https://github.com/libming/libming/issues/323
Exploit, Issue Tracking, Vendor Advisory · cve@mitre.org