Cyber Resilience

CVE-2026-25104

High · Public PoC

Published: 26 May 2026

Modified: 28 May 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0018 (7.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-25104 is a high-severity Integer Underflow (Wrap or Wraparound) (CWE-191) vulnerability in MediaArea MediaInfoLib. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 7.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Vulnerability details

MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Heap buffer overflow in media file parser enables client-side RCE via malicious file processing.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25713 · Same product: MediaArea MediaInfoLib
CVE-2026-28764 · Same product: MediaArea MediaInfoLib
CVE-2026-22554 · Same product: MediaArea MediaInfoLib
CVE-2025-62291 · Shared CWE-191
CVE-2026-27296 · Shared CWE-191
CVE-2025-21156 · Shared CWE-191
CVE-2025-21135 · Shared CWE-191
CVE-2026-31883 · Shared CWE-191
CVE-2026-32775 · Shared CWE-191
CVE-2026-27297 · Shared CWE-191

Affected Assets

Vendor: mediaarea · Product: mediainfolib · Version: 26.01

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
