CVE-2025-70308
Published: 15 January 2026
Summary
CVE-2025-70308 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in GPAC. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 22.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The out-of-bounds read in the file parser means a crafted .gsf file, delivered as a malicious file (T1204.002), directly triggers an application crash/DoS via exploitation (T1499.004).
NVD Description
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.
Deeper analysis
CVE-2025-70308 is an out-of-bounds read vulnerability, classified under CWE-125, affecting the GSF demuxer filter component in GPAC version 2.4.0. Published on 2026-01-15, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The issue enables attackers to induce a Denial of Service condition by processing a specially crafted .gsf file.
Attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no privileges, authentication, or user interaction. Exploitation leads to high-impact disruption of availability, such as application crashes or resource exhaustion, while confidentiality and integrity remain unaffected.
A proof-of-concept exploit is publicly available at https://github.com/zakkanijia/POC/blob/main/gpac_gsf/GPAC_gsf.md. No additional details on patches or mitigation steps from official advisories are provided in the CVE information.
Details
- CWE(s)