CVE-2026-25104
High · Public PoC
Published: 26 May 2026
Modified: 28 May 2026
KEV Added: —
Patch: —
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0018 (7.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2026-25104 is a high-severity Integer Underflow (Wrap or Wraparound) (CWE-191) vulnerability in MediaArea MediaInfoLib. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 7.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31808
Vulnerability details
MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?
Heap buffer overflow in media file parser enables client-side RCE via malicious file processing.
Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1
CVEs Like This One
- CVE-2026-25713 · Same product: MediaArea MediaInfoLib
- CVE-2026-28764 · Same product: MediaArea MediaInfoLib
- CVE-2026-22554 · Same product: MediaArea MediaInfoLib
- CVE-2025-62291 · Shared CWE-191
- CVE-2026-27296 · Shared CWE-191
- CVE-2025-21156 · Shared CWE-191
- CVE-2025-21135 · Shared CWE-191
- CVE-2026-31883 · Shared CWE-191
- CVE-2026-32775 · Shared CWE-191
- CVE-2026-27297 · Shared CWE-191
Affected Assets
mediaarea · mediainfolib · 26.01
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.