Is there a public PoC exploit available for EUVD-2026-17725?

Yes, a public proof-of-concept exploit is available for EUVD-2026-17725. Prioritise patching immediately. EPSS: 0.0%.

Axiomatic Bento4 EUVD-2026-17725

Q: What is the CVSS score of EUVD-2026-17725?

EUVD-2026-17725 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-5235 LOW

Heap-based Buffer Overflow (CWE-122)

2026-03-31 VulDB

Buffer Overflow Heap Overflow

1.9

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

4.8 (MEDIUM) 1.9 (LOW)

PoC Detected

Apr 01, 2026 - 14:23 vuln.today

Public exploit code

EUVD ID Assigned

Mar 31, 2026 - 22:32 euvd

EUVD-2026-17725

Analysis Generated

Mar 31, 2026 - 22:32 vuln.today

CVE Published

Mar 31, 2026 - 22:15 nvd

MEDIUM 4.8

DescriptionNVD

A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation causes heap-based buffer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Heap-based buffer overflow in Axiomatic Bento4 up to version 1.6.0-641 affects the AP4_BitReader::ReadCache function in the MP4 file parser component, allowing local attackers with limited privileges to cause information disclosure, integrity violation, and denial of service. Publicly available exploit code exists, and the vendor has not yet responded to the early disclosure despite project notification through GitHub issue tracking.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-17725 vulnerability details – vuln.today

Back