CVE-2025-47806
Published: 07 August 2025
Summary
CVE-2025-47806 is a medium-severity Stack-based Buffer Overflow (CWE-121) vulnerability in GStreamer. Its CVSS base score is 5.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 40.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23942
Vulnerability details
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The stack buffer overflow in GStreamer's subparse plugin enables endpoint denial of service via application exploitation, causing a crash.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.