whisper.cpp CVE-2025-14569
LOWSeverity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Use-after-free vulnerability in whisper.cpp up to version 1.8.2 affects the read_audio_data function in common-whisper.cpp, allowing local authenticated attackers to trigger memory corruption with limited confidentiality and integrity impact. The flaw requires local access and valid user privileges on the system, with publicly available exploit code currently circulating; however, the extremely low EPSS score (0.03%, 7th percentile) and minimal CVSS severity (1.9) suggest limited real-world exploitability despite public proof-of-concept availability.
Technical ContextAI
whisper.cpp is a C/C++ implementation of OpenAI's Whisper speech-to-text model. The vulnerability exists in the read_audio_data function within examples/common-whisper.cpp, which handles audio file input processing. The root cause is a use-after-free memory error classified under CWE-119 (improper restriction of operations within the bounds of a memory buffer), indicating that the function references memory that has already been freed during audio data parsing or processing. This typically occurs when audio buffers are deallocated but subsequent code paths still attempt to access those buffers, leading to potential information disclosure or denial of service when the freed memory is reallocated by the process.
Affected ProductsAI
ggml-org whisper.cpp versions up to and including 1.8.2 are affected. The vulnerability is localized to the read_audio_data function in the examples/common-whisper.cpp file. No specific CPE string is provided in the source data. Reference: https://github.com/ggml-org/whisper.cpp/issues/3501
RemediationAI
Upgrade whisper.cpp to a version newer than 1.8.2 when the project releases a patched version; however, as of the time of this analysis, the maintainers have not responded to the vulnerability report, and no official patch version has been released. Monitor the GitHub repository (https://github.com/ggml-org/whisper.cpp) for updates. As an interim compensating control, restrict execution of whisper.cpp examples and tools to trusted users only by removing or limiting setuid/setgid bits on affected binaries and enforcing file permission controls (chmod 750 on example directories) so that only authorized developers can invoke read_audio_data code paths. Additionally, apply operating system-level memory protections (ensure ASLR and DEP are enabled) to increase the difficulty of reliably exploiting the use-after-free condition, though this does not eliminate the vulnerability. If whisper.cpp is used in production speech-to-text pipelines, validate audio input files through a separate, sandboxed pre-processor before passing them to whisper.cpp to reduce exposure. Note that these workarounds do not fix the underlying memory bug and should be treated as temporary measures only.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today