CVE-2025-34449

9.1 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in scrcpy allows a compromised Android device to send crafted messages that cause memory corruption on the host system. This could lead to denial-of-service or potential remote code execution. All users running scrcpy versions up to 3.3.3 are affected.

💻 Affected Systems

Products:
  • Genymobile scrcpy
Versions: All versions up to and including 3.3.3, prior to commit 3e40b24
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires connection to a compromised Android device via USB or ADB over network

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution on the host system, potentially allowing full compromise of the computer running scrcpy.

🟠 Likely Case

Denial-of-service (scrcpy crash) and potential memory corruption leading to unstable system behavior.

🟢 If Mitigated

Limited impact if scrcpy is only used with trusted devices and network segmentation is in place.

🌐 Internet-Facing: LOW (scrcpy typically runs on local networks and requires USB/ADB connection)
🏢 Internal Only: MEDIUM (requires compromised device on the same network or physical access)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a compromised Android device that can send crafted messages to scrcpy.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 3e40b24

Vendor Advisory: https://github.com/Genymobile/scrcpy/commit/3e40b24

Restart Required: Yes

Instructions:

1. Update scrcpy to the latest version from the official repository.
2. Rebuild from source if using a compiled version.
3. Restart the scrcpy application.

🔧 Temporary Workarounds

Disable network ADB (Platform: all)

Only use a USB connection for scrcpy to prevent network-based attacks:

adb usb

Use trusted devices only (Platform: all)

Only connect scrcpy to verified, trusted Android devices.

🧯 If You Can't Patch

  • Discontinue use of scrcpy until patched
  • Isolate scrcpy usage to separate network segment with no other critical systems

🔍 How to Verify

Check if Vulnerable:

Check the scrcpy version with 'scrcpy --version' and verify whether it is 3.3.3 or earlier.

Check Version:

scrcpy --version

Verify Fix Applied:

Verify that the scrcpy version is newer than 3.3.3, or check that the git history of the build includes commit 3e40b24.
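
The two checks above as a script. This is an added example, not code from the advisory or from scrcpy. It assumes the first line of 'scrcpy --version' output has the form "scrcpy <version> <url>"; all function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of scrcpy.
LAST_AFFECTED="3.3.3"   # last affected release, per the advisory
FIX_COMMIT="3e40b24"    # fixing commit, per the advisory

# Assumption: line 1 of `scrcpy --version` is "scrcpy <version> <url>".
scrcpy_version_from_output() {
    printf '%s\n' "$1" | awk 'NR==1 && $1=="scrcpy" {print $2; exit}'
}

# version_le A B: succeeds when dotted numeric version A <= B.
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# Prints "affected-range V", "newer V" or "unknown" for given version output.
classify_scrcpy() {
    v=$(scrcpy_version_from_output "$1")
    case $v in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;   # e.g. suffixed versions
    esac
    if version_le "$v" "$LAST_AFFECTED"; then
        echo "affected-range $v"
    else
        echo "newer $v"
    fi
}

# For source builds: succeeds when the checkout in $1 contains the fix commit.
# The advisory bounds the issue by commit, so a build that still reports
# 3.3.3 may already be fixed if this check passes.
checkout_has_fix() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD
}

# Constructed sample; on a real host use: classify_scrcpy "$(scrcpy --version)"
SAMPLE='scrcpy 3.3.3 <https://github.com/Genymobile/scrcpy>'
classify_scrcpy "$SAMPLE"
```

An "unknown" result means the version string could not be parsed and should be treated as unverified rather than safe.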

📡 Detection & Monitoring

Log Indicators:

  • scrcpy crash logs
  • memory access violation errors in system logs

Network Indicators:

  • Unusual ADB traffic patterns from Android devices
  • Large or malformed data packets to scrcpy port

SIEM Query:

process_name='scrcpy' AND (event_type='crash' OR error_message CONTAINS 'memory' OR error_message CONTAINS 'buffer')
