Cyber Posture

CVE-2025-47219

Severity: High · Public PoC referenced

Published: 07 August 2025
Modified: 17 March 2026
KEV Added: not listed
Patch: see the GStreamer security page referenced below
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (35.5th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-47219 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the GStreamer multimedia framework (vendor and product are both listed as GStreamer), specifically in the isomp4 plugin's qtdemux_parse_trak function. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 35.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and to Malicious File (T1204.002), since the trigger is a crafted MP4 that a user, application or service hands to the parser. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated mapping]

SI-2 Flaw Remediation (prevent)

Requires timely identification, reporting, and patching of known software flaws like the heap buffer over-read in GStreamer's isomp4 plugin. This is the control that actually removes the bug; the other two reduce exposure while the fixed release is rolled out.

SI-16 Memory Protection (prevent)

Implements memory protections such as bounds checking and randomization to limit unauthorized disclosure from heap buffer over-reads during MP4 parsing. Note the limits of randomization here: ASLR and similar hardening make it harder to turn leaked bytes into something useful, but they do not stop the out-of-bounds read itself, so they are no substitute for the patch.

SI-10 Information Input Validation (prevent)

Validates MP4 file inputs before processing to reject malformed content that could trigger the qtdemux_parse_trak buffer over-read. In practice this means checking every size and count field read from the file against the bytes actually available before it is used to index a buffer, in the parser itself or in a validation pass in front of it.

MITRE ATT&CK Enterprise Techniques [AI-generated mapping]

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Heap buffer over-read in MP4 parser enables client-side exploitation via crafted media files for information disclosure or further impact.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.

Deeper analysis [AI-generated]

CVE-2025-47219 is a heap buffer over-read vulnerability (CWE-125) in GStreamer through version 1.26.1. The flaw resides in the isomp4 plugin's qtdemux_parse_trak function, which may read past the end of a heap buffer while parsing an MP4 file, potentially leading to information disclosure. Published on 2025-08-07, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vector rates the attack as network-reachable with no privileges and no user interaction required, but with high attack complexity. Read it against the description: the bug is triggered by parsing a crafted MP4, so in practice the file has to reach qtdemux through a user opening it or through an application or service that ingests untrusted media (which is why T1204.002 is mapped alongside T1203). The vector also rates confidentiality, integrity and availability impact as high, whereas the NVD text claims only information disclosure; treat the C/I/A:H rating as an upper bound rather than a demonstrated outcome, with a read past a heap buffer being the confirmed effect.
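The check that this bug class lacks is easier to see in code than in prose. The following is an added example, not GStreamer's own parser: a minimal ISO BMFF (MP4) box walker in which every size field read from the file is validated against the bytes actually present before it is used, which is the input-validation and bounds-checking behaviour the SI-10 and SI-16 controls above ask for. The box layout handling, the status codes and the two sample files are constructed for illustration; the function names are assumptions, not GStreamer APIs.

```c
/*
 * Added example, not GStreamer code: a minimal ISO BMFF (MP4) box walker that
 * bounds every read by the bytes actually present. The flaw class on this page
 * is a parser that trusts a size or count field from the file and reads past
 * the end of its heap buffer; each function below checks the field against the
 * remaining buffer first. Layout handling and sample bytes are constructed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum mp4_status {
    MP4_OK = 0,
    MP4_TRUNCATED_HEADER,   /* fewer than 8 bytes left for size + type */
    MP4_SIZE_TOO_SMALL,     /* size below the 8-byte header (64-bit sizes unsupported here) */
    MP4_SIZE_EXCEEDS_BUFFER /* declared size runs past the bytes we hold: the over-read case */
};

typedef struct {
    size_t size;    /* total box size including the 8-byte header */
    char   type[5]; /* four-character code, NUL-terminated */
} mp4_box;

static uint32_t rd32be(const uint8_t *p)  /* MP4 fields are big-endian */
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse the box header at data[off] without touching any byte at or past len. */
enum mp4_status mp4_read_box(const uint8_t *data, size_t len, size_t off, mp4_box *out)
{
    if (off > len || len - off < 8)
        return MP4_TRUNCATED_HEADER;
    size_t size = rd32be(data + off);
    memcpy(out->type, data + off + 4, 4);
    out->type[4] = '\0';
    if (size == 0)            /* 0 means "extends to end of file": clamp to what we hold */
        size = len - off;
    if (size < 8)             /* 1 signals a 64-bit largesize; a full parser must handle it */
        return MP4_SIZE_TOO_SMALL;
    if (size > len - off)     /* the check whose absence lets a parser read past its buffer */
        return MP4_SIZE_EXCEEDS_BUFFER;
    out->size = size;
    return MP4_OK;
}

/* Walk the boxes in data[off, end), descending into the containers moov and trak.
   Every accepted box has 8 <= size <= remaining, so off strictly increases and the
   loop terminates; the depth limit bounds recursion on hostile nesting. */
enum mp4_status mp4_walk(const uint8_t *data, size_t off, size_t end, int depth, int *trak_count)
{
    while (off < end) {
        mp4_box box;
        enum mp4_status st = mp4_read_box(data, end, off, &box);
        if (st != MP4_OK)
            return st;
        int is_trak = strcmp(box.type, "trak") == 0;
        if (is_trak)
            (*trak_count)++;
        if ((is_trak || strcmp(box.type, "moov") == 0) && depth < 8) {
            st = mp4_walk(data, off + 8, off + box.size, depth + 1, trak_count);
            if (st != MP4_OK)
                return st;
        }
        off += box.size;
    }
    return MP4_OK;
}

/* Does a table of `count` fixed-size entries fit after `hdr` bytes of a payload of
   payload_len bytes? Dividing instead of multiplying avoids count * entry_size overflow. */
int mp4_table_fits(size_t payload_len, size_t hdr, uint32_t count, size_t entry_size)
{
    if (hdr > payload_len || entry_size == 0)
        return 0;
    return (size_t)count <= (payload_len - hdr) / entry_size;
}

enum mp4_status mp4_check(const uint8_t *data, size_t len)
{
    int n = 0;
    return mp4_walk(data, 0, len, 0, &n);
}

int mp4_count_traks(const uint8_t *data, size_t len)  /* -1 if the file is rejected */
{
    int n = 0;
    return mp4_walk(data, 0, len, 0, &n) == MP4_OK ? n : -1;
}

/* Constructed sample: ftyp, then moov holding one trak holding a header-only tkhd. */
static const uint8_t GOOD_MP4[] = {
    0x00,0x00,0x00,0x10, 'f','t','y','p', 'i','s','o','m', 0x00,0x00,0x02,0x00,
    0x00,0x00,0x00,0x18, 'm','o','o','v',
    0x00,0x00,0x00,0x10, 't','r','a','k',
    0x00,0x00,0x00,0x08, 't','k','h','d'
};

/* Constructed sample: moov declares 64 bytes but only 24 are present. */
static const uint8_t BAD_MP4[] = {
    0x00,0x00,0x00,0x40, 'm','o','o','v',
    0x00,0x00,0x00,0x10, 't','r','a','k',
    0x00,0x00,0x00,0x08, 't','k','h','d'
};

int main(void)
{
    printf("good file: status %d, trak boxes %d\n",
           (int)mp4_check(GOOD_MP4, sizeof GOOD_MP4), mp4_count_traks(GOOD_MP4, sizeof GOOD_MP4));
    printf("bad file:  status %d (MP4_SIZE_EXCEEDS_BUFFER is %d)\n",
           (int)mp4_check(BAD_MP4, sizeof BAD_MP4), (int)MP4_SIZE_EXCEEDS_BUFFER);
    printf("10 entries of 8 bytes after an 8-byte header fit in 100 bytes: %d\n",
           mp4_table_fits(100, 8, 10, 8));
    return 0;
}
```

The two properties worth carrying over to any media parser are in mp4_read_box and mp4_table_fits: a size from the file is compared against the remaining buffer before anything is read at that offset, and a count is checked by division rather than by multiplying it into a length that can wrap. Rejecting the file on the first violation is also what a front-end validator under SI-10 should do, rather than trying to "repair" the structure.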

Mitigation details are available in advisories from Atredis Partners at https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md and the GStreamer security page at https://gstreamer.freedesktop.org/security/.

Details

CWE(s)

CWE-125 Out-of-bounds Read

Affected Products

GStreamer (gstreamer) ≤ 1.26.2

Note the discrepancy between this product entry (≤ 1.26.2) and the NVD description above (through 1.26.1); confirm the fixed release against the GStreamer security page before treating 1.26.2 as affected or as fixed.

CVEs Like This One

CVE-2025-61952 (shared CWE-125)
CVE-2025-1428 (shared CWE-125)
CVE-2026-20946 (shared CWE-125)
CVE-2026-0955 (shared CWE-125)
CVE-2025-27161 (shared CWE-125)
CVE-2025-0905 (shared CWE-125)
CVE-2026-32926 (shared CWE-125)
CVE-2025-0911 (shared CWE-125)
CVE-2026-27269 (shared CWE-125)
CVE-2026-32864 (shared CWE-125)
