CVE-2025-25468

MEDIUM
2025-02-18 [email protected]
6.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 18:27 vuln.today
Patch Released
Mar 28, 2026 - 18:27 nvd
Patch available
PoC Detected
Jan 29, 2026 - 02:12 vuln.today
Public exploit code
CVE Published
Feb 18, 2025 - 22:15 nvd
MEDIUM 6.5

Tags

Information Disclosure Ffmpeg Suse

Description

FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.

Analysis

FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical Context

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. Affected products include: Ffmpeg.

Affected Products

Ffmpeg.

Remediation

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

Priority Score

53
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +32
POC: +20

Vendor Status

Share

CVE-2025-25468 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy