Debian Linux CVE-2025-3887
Severity: HIGH
CVSS Vector (NVD):
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (NVD)
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.
Analysis (AI-generated)
A stack-based buffer overflow in GStreamer's H265 codec parsing allows remote attackers to execute arbitrary code on affected systems. The flaw is triggered while parsing a malformed H265 slice header: the parser copies attacker-controlled data into a fixed-length stack buffer without checking its length, so an oversized header overwrites adjacent stack data and can redirect execution within the process that is decoding the stream. With an EPSS score of 0.61% (69th percentile) and a CVSS score of 8.8, this is a significant risk for any application that uses GStreamer to process video, although exploitation requires user interaction (CVSS UI:R), typically a victim opening or playing attacker-supplied media.
Technical Context (AI-generated)
GStreamer is a widely used open-source multimedia framework that provides libraries and tools for constructing graphs of media-handling components; it is shipped by most Linux distributions and linked into media players, browsers, thumbnailers, and other desktop and server applications. The vulnerability affects GStreamer installations identified by CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:* and has been confirmed to impact Debian Linux 11.0 (CPE cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*). The root cause is a classic CWE-121 stack-based buffer overflow: the H265 codec parser fails to validate the length of user-supplied data before copying it into a fixed-size buffer on the stack, so an attacker can write beyond the buffer boundary and overwrite return addresses or other critical stack data. Because GStreamer is a library, "the current process" in the advisory is whichever application loaded the parser, which is why the attack vector varies with the deployment: a standalone player, a browser media pipeline, or a background indexer that parses files automatically are all candidates.
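The CWE-121 pattern described above, as an added example that is not GStreamer's code: a toy slice-header-like format in which a count taken from the input decides how many entries are copied into a fixed-size stack array, shown in a vulnerable form beside a hardened one. The byte layout, the MAX_ENTRIES capacity, the function names, and the sample inputs are all constructed for illustration; the real H.265 slice header syntax and the exact field involved in CVE-2025-3887 are not reproduced here.

```c
/*
 * Added illustration of the CWE-121 pattern described above. This is NOT
 * GStreamer's code and the byte layout is a constructed toy format, not the
 * real H.265 slice header syntax: byte 0 is a count of entries, followed by
 * that many 16-bit big-endian values. The parser stores them in a
 * fixed-length stack array, which is the shape of bug the advisory describes.
 *
 * Build with ASan to see the vulnerable variant trip on oversized input:
 *   cc -std=c11 -Wall -g -fsanitize=address toy_slice.c -o toy_slice
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_ENTRIES 4                    /* capacity of the on-stack table (assumption) */

enum { PARSE_TRUNCATED = -1, PARSE_TOO_MANY = -2 };

/* Vulnerable variant: the attacker-controlled count is checked against the
 * input length but never against MAX_ENTRIES, so a header declaring more than
 * four entries writes past entries[] on this function's stack frame.
 * Returns the sum of the entries (>= 0) or a negative status. */
static long parse_slice_hdr_vulnerable(const uint8_t *buf, size_t len)
{
    uint16_t entries[MAX_ENTRIES];       /* fixed-length stack buffer */
    if (len < 1) return PARSE_TRUNCATED;
    uint32_t n = buf[0];
    if (len < 1 + 2 * (size_t)n) return PARSE_TRUNCATED;
    for (uint32_t i = 0; i < n; i++)     /* BUG: n is never bounded by MAX_ENTRIES */
        entries[i] = (uint16_t)((buf[1 + 2 * i] << 8) | buf[2 + 2 * i]);
    long sum = 0;
    for (uint32_t i = 0; i < n; i++) sum += entries[i];
    return sum;
}

/* Hardened variant: validate the count against the destination capacity
 * before any write, and fail closed on truncated input. */
static long parse_slice_hdr_hardened(const uint8_t *buf, size_t len)
{
    uint16_t entries[MAX_ENTRIES];
    if (len < 1) return PARSE_TRUNCATED;
    uint32_t n = buf[0];
    if (n > MAX_ENTRIES) return PARSE_TOO_MANY;          /* the missing check */
    if (len < 1 + 2 * (size_t)n) return PARSE_TRUNCATED;
    for (uint32_t i = 0; i < n; i++)
        entries[i] = (uint16_t)((buf[1 + 2 * i] << 8) | buf[2 + 2 * i]);
    long sum = 0;
    for (uint32_t i = 0; i < n; i++) sum += entries[i];
    return sum;
}

/* Constructed sample headers (not captured bitstream data). */
static const uint8_t benign_hdr[] = { 0x03, 0x00, 0x10, 0x00, 0x20, 0x00, 0x30 };   /* 3 entries */
static const uint8_t oversized_hdr[] = { 0x08,                                       /* claims 8 > MAX_ENTRIES */
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 };
static const uint8_t truncated_hdr[] = { 0x03, 0x00, 0x10 };                          /* claims 3, carries 1 */

int main(void)
{
    printf("hardened, benign:    %ld\n", parse_slice_hdr_hardened(benign_hdr, sizeof benign_hdr));
    printf("hardened, oversized: %ld\n", parse_slice_hdr_hardened(oversized_hdr, sizeof oversized_hdr));
    printf("hardened, truncated: %ld\n", parse_slice_hdr_hardened(truncated_hdr, sizeof truncated_hdr));
    printf("vulnerable, benign:  %ld\n", parse_slice_hdr_vulnerable(benign_hdr, sizeof benign_hdr));
    /* Deliberately not executed: parse_slice_hdr_vulnerable(oversized_hdr, ...) smashes
     * the stack; under ASan it is reported as a stack-buffer-overflow on entries[]. */
    return 0;
}
```

The point of the comparison is where the check sits: the vulnerable parser validates the count only against how many bytes arrived, which a malicious file controls too, while the hardened parser compares it against the size of the destination it is about to fill. A fuzzer running the hardened build will hit PARSE_TOO_MANY instead of a crash; the same harness on the vulnerable build is how this class of bug is typically found.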
Remediation (AI-generated)
Apply the security updates provided by your Linux distribution or the GStreamer maintainers as soon as possible; Debian users should follow the advisory at https://lists.debian.org/debian-lts-announce/2025/06/msg00017.html. After updating, confirm with the package manager that the installed GStreamer packages are at or above the fixed versions named in that advisory, and restart any long-running processes that had the old library loaded. Until patches can be applied, use defense-in-depth measures: restrict the processing of untrusted H265/HEVC video content, run media-processing applications in a sandbox so a compromised parser cannot reach the rest of the system, and monitor for suspicious process behavior (unexpected child processes, network connections, or crashes) following media file processing. For additional technical details, refer to the Zero Day Initiative advisory at https://www.zerodayinitiative.com/advisories/ZDI-25-267/.