Cyber Resilience

CVE-2026-25713

High · Public PoC

Published: 26 May 2026
Modified: 28 May 2026
KEV Added:
Patch:
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0018 (7.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-25713 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in MediaArea MediaInfoLib. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 7.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

EU & UK References

Vulnerability details

MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability

CWE(s)

CWE-122: Heap-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Heap buffer overflow in media metadata parser enables client-side code execution via malicious file input.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25104 · Same product: MediaArea MediaInfoLib
CVE-2026-22554 · Same product: MediaArea MediaInfoLib
CVE-2026-28764 · Same product: MediaArea MediaInfoLib
CVE-2026-40504 · Shared CWE-122
CVE-2026-44421 · Shared CWE-122
CVE-2025-49697 · Shared CWE-122
CVE-2025-21266 · Shared CWE-122
CVE-2026-40033 · Shared CWE-122
CVE-2025-21303 · Shared CWE-122
CVE-2026-6846 · Shared CWE-122

Affected Assets

mediaarea · mediainfolib · 26.01

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References