CVE-2025-25723

8.4 HIGH

📋 TL;DR

A buffer overflow vulnerability in GPAC version 2.5 allows local attackers to execute arbitrary code on affected systems. This affects systems running GPAC 2.5 where an attacker has local access. The vulnerability could lead to privilege escalation or complete system compromise.

💻 Affected Systems

Products:
  • GPAC (MP4Box, MP4Client, and related tools)
Versions: GPAC version 2.5
Operating Systems: Linux, Windows, macOS, BSD systems where GPAC is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with GPAC 2.5 installed is vulnerable. The vulnerability is in the core GPAC library used by various multimedia tools.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local attacker gains full system control, installs persistent malware, accesses sensitive data, and pivots to other systems
🟠 Likely Case: Local privilege escalation leading to unauthorized access to sensitive files and system resources
🟢 If Mitigated: Limited impact with proper access controls, but still potential for local user privilege escalation

🌐 Internet-Facing: LOW - This is a local vulnerability requiring attacker access to the system
🏢 Internal Only: HIGH - Internal users with local access could exploit this for privilege escalation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to the system. Exploitation involves triggering the buffer overflow through specific GPAC functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GPAC version after commit 74e26b8dfeb0ab8c7317603b80a18306d0698473

Vendor Advisory: https://github.com/gpac/gpac/commit/74e26b8dfeb0ab8c7317603b80a18306d0698473

Restart Required: No

Instructions:

1. Update GPAC to the latest version from the official repository.
2. Rebuild from source using a commit after 74e26b8dfeb0ab8c7317603b80a18306d0698473.
3. Replace the existing GPAC binaries with the patched versions.

🔧 Temporary Workarounds

Restrict local user access (platform: all)

Limit which users can execute GPAC tools and access GPAC functionality. Restricting the binaries to their owner and group only helps if membership of that group is itself limited, and distribution packages may install the tools under /usr/bin rather than /usr/local/bin, so adjust the paths below to match your installation.

chmod 750 /usr/local/bin/MP4Box
chmod 750 /usr/local/bin/MP4Client

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can run GPAC tools
  • Monitor for unusual process execution patterns involving GPAC binaries

🔍 How to Verify

Check if Vulnerable:

Run MP4Box -version or gpac -version. If the output reports version 2.5, the system is vulnerable.

Check Version:

MP4Box -version 2>&1 | grep -i version || gpac -version 2>&1 | grep -i version

Verify Fix Applied:

Confirm the installed build includes commit 74e26b8dfeb0ab8c7317603b80a18306d0698473: for a source build, check that the commit appears in git log; for a packaged build, check the version string reported by MP4Box -version.
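As an added check (example code, not from the advisory or the GPAC project): parse the banner that MP4Box -version or gpac -version prints, flag a reported 2.5 as affected, and, for a source checkout, test whether HEAD already contains the fix commit. The banner layout ("... GPAC version X.Y[.Z]-...") and the sample banners used in comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory or the GPAC project.
# Classifies a GPAC build against CVE-2025-25723 from the banner printed by
# "MP4Box -version" / "gpac -version". Assumed banner layout (an assumption):
#   "MP4Box - GPAC version 2.5-DEV-rev0-gabcdef0-master"
# Adjust the sed pattern if your build prints something different.

FIX_COMMIT=74e26b8dfeb0ab8c7317603b80a18306d0698473   # fix commit named in the advisory

# Print the numeric version found in a banner ("2.5", "2.4.0", ...) or nothing.
gpac_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/.*[Vv]ersion[ :]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' |
        head -n 1
}

# True (exit 0) when the banner reports GPAC 2.5, the version the advisory names.
# A 2.5-DEV build made after the fix commit also reports 2.5, so for source
# builds confirm with gpac_tree_has_fix as well.
gpac_banner_affected() {
    ver=$(gpac_version_from_banner "$1")
    [ "$ver" = "2.5" ]
}

# For a source checkout: true when HEAD already contains the fix commit.
gpac_tree_has_fix() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD 2>/dev/null
}

# Query whichever GPAC tool is installed and report the result.
check_installed_gpac() {
    for bin in MP4Box gpac; do
        command -v "$bin" >/dev/null 2>&1 || continue
        banner=$("$bin" -version 2>&1)
        ver=$(gpac_version_from_banner "$banner")
        if gpac_banner_affected "$banner"; then
            echo "$bin reports GPAC $ver: affected by CVE-2025-25723 unless built after $FIX_COMMIT"
        else
            echo "$bin reports GPAC ${ver:-unknown}: not the version named in the advisory"
        fi
        return 0
    done
    echo "no MP4Box or gpac binary found in PATH"
    return 1
}

# Run the live check only when invoked as: sh gpac_check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed_gpac
fi
```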

📡 Detection & Monitoring

Log Indicators:

  • Unusual process crashes of GPAC binaries
  • Suspicious child processes spawned from GPAC tools
  • Failed privilege escalation attempts

Network Indicators:

  • Outbound connections from GPAC processes to unexpected destinations

SIEM Query:

process_name:("MP4Box" OR "MP4Client" OR "gpac") AND (event_type:"process_crash" OR parent_process_name:"GPAC*")
