Cyber Resilience

CVE-2025-47219

High · Public PoC · Updated

Published: 07 August 2025

Modified: 12 May 2026
KEV Added: not listed
CVSS Score (v3.1): 8.1, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0044 (63.8th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-47219 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Gstreamer Gstreamer. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 36.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-47219 is a heap buffer over-read vulnerability (CWE-125) in GStreamer through version 1.26.1. The flaw resides in the isomp4 plugin's qtdemux_parse_trak function, which may read past the end of a heap buffer while parsing an MP4 file, potentially leading to information disclosure. Published on 2025-08-07, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability is reachable over the network (AV:N) by remote attackers with no privileges required and no user interaction needed, though the vector is rated high attack complexity (AC:H). Successful exploitation could achieve high impacts on confidentiality, integrity, and availability.

Mitigation details are available in advisories from Atredis Partners at https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md and the GStreamer security page at https://gstreamer.freedesktop.org/security/.

Vulnerability details

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.

CWE(s): CWE-125 Out-of-bounds Read

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Heap buffer over-read in MP4 parser enables client-side exploitation via crafted media files for information disclosure or further impact.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3083 - Same product: Gstreamer Gstreamer
CVE-2026-3085 - Same product: Gstreamer Gstreamer
CVE-2026-20611 - Shared CWE-125
CVE-2025-1433 - Shared CWE-125
CVE-2024-12550 - Shared CWE-125
CVE-2025-1428 - Shared CWE-125
CVE-2026-27287 - Shared CWE-125
CVE-2026-32926 - Shared CWE-125
CVE-2025-61952 - Shared CWE-125
CVE-2026-23720 - Shared CWE-125

Affected Assets

Vendor: gstreamer
Product: gstreamer
Versions: ≤ 1.26.2

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and patching of known software flaws like the heap buffer over-read in GStreamer's isomp4 plugin.

SI-16 Memory Protection (prevent)
Implements memory protections such as bounds checking and randomization to prevent unauthorized disclosure from heap buffer over-reads during MP4 parsing.

Input validation (prevent)
Validates MP4 file inputs before processing to reject malformed content that could trigger the qtdemux_parse_trak buffer over-read.
