CVE-2026-25713
High · Public PoC
Published: 26 May 2026
Modified: 28 May 2026
KEV Added: —
Patch: —
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0018 (7.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2026-25713 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Mediaarea Mediainfolib. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 7.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31807
Vulnerability details
MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability
- CWE(s): CWE-122
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
T1203 Exploitation for Client Execution · Tactic: Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?
Heap buffer overflow in media metadata parser enables client-side code execution via malicious file input.
Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1
CVEs Like This One
- CVE-2026-25104 · Same product: Mediaarea Mediainfolib
- CVE-2026-22554 · Same product: Mediaarea Mediainfolib
- CVE-2026-28764 · Same product: Mediaarea Mediainfolib
- CVE-2026-40504 · Shared CWE-122
- CVE-2026-44421 · Shared CWE-122
- CVE-2025-49697 · Shared CWE-122
- CVE-2025-21266 · Shared CWE-122
- CVE-2026-40033 · Shared CWE-122
- CVE-2025-21303 · Shared CWE-122
- CVE-2026-6846 · Shared CWE-122
Affected Assets
mediaarea · mediainfolib · 26.01
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.