CVE-2025-51602
📋 TL;DR
This vulnerability in VLC media player is an out-of-bounds read in the MMS input code (mmstu) that leads to a denial of service when VLC processes a specially crafted MMS server response. An attacker who controls the MMS server can crash VLC by sending a malformed 0x01 response, disrupting media playback. All users running vulnerable VLC versions are affected when they open MMS streams.
💻 Affected Systems
- VideoLAN VLC media player
⚠️ Manual Verification Required
The NVD entry for this CVE carries no version ranges, so automatic vulnerability detection cannot decide from inventory data alone whether a system is affected.
Why? The vendor/NVD record gives no affected-version range. The VideoLAN bulletin for 3.0.22 (linked under Official Fix below) names that release as the fix, so treat any 3.0.x build older than 3.0.22 as affected until you have confirmed otherwise.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service causing VLC to crash, potentially disrupting media playback in critical environments or automated systems.
Likely Case
Application crash when accessing malicious MMS streams, requiring manual restart of VLC media player.
If Mitigated
No impact if MMS streaming is disabled or if systems don't access untrusted MMS streams.
🎯 Exploit Status
Exploitation requires the victim to open a malicious MMS stream, so the attacker must control the MMS server being contacted (or supply a link or playlist entry that points VLC at it). No authentication is needed; this is a client-side vulnerability in the media player.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.22 and later
Vendor Advisory: https://www.videolan.org/security/sb-vlc3022.html
Restart Required: Yes
Instructions:
1. Download VLC 3.0.22 or later from videolan.org.
2. Install the update.
3. Restart VLC and any application that loads the VLC libraries (libvlc), since a running process keeps the old code until it is restarted.
🔧 Temporary Workarounds
Disable MMS streaming
Prevent VLC from opening mms:// URLs. There is no per-protocol off switch in the VLC interface; the practical equivalent is to remove or rename the MMS access module from the VLC plugin directory (on typical Linux builds plugins/access/libaccess_mms_plugin.so, on Windows plugins\access\libaccess_mms_plugin.dll; confirm the path for your packaging), after which mms:// inputs fail to open. Restore the file once you have updated to 3.0.22 or later.
Network filtering (Linux, iptables)
Block outbound MMS over TCP/UDP (default port 1755) on client hosts or at the perimeter. The rules belong in the OUTPUT (egress) chain: VLC is the client and connects out to the server's port 1755, so an INPUT rule on that port would only affect an MMS server running on the host. REJECT rather than DROP gives VLC an immediate failure instead of a connection timeout. This is best effort, since an mms:// URL can name a non-default port.
iptables -A OUTPUT -p tcp --dport 1755 -j REJECT
iptables -A OUTPUT -p udp --dport 1755 -j REJECT
🧯 If You Can't Patch
- Avoid accessing MMS streams from untrusted sources
- Use alternative media players for MMS content until patched
🔍 How to Verify
Check if Vulnerable:
Check the VLC version in Help > About (Windows/Linux) or VLC menu > About VLC (macOS). If the version is below 3.0.22, the build is vulnerable.
Check Version:
vlc --version | head -1 (Linux); /Applications/VLC.app/Contents/MacOS/VLC --version | head -1 (macOS); Help > About (Windows)
Verify Fix Applied:
Confirm VLC version is 3.0.22 or higher in About dialog. Test MMS streaming functionality if required.
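The version comparison above is easy to get wrong in a script: "3.0.9" sorts after "3.0.22" as a string. The following Python is an added example (not VideoLAN code, not a script from this page) that parses the number out of `vlc --version` output and compares it numerically against 3.0.22. It assumes the first line of `vlc --version` looks like "VLC version 3.0.21 Vetinari (...)" (the sample line in the block is constructed) and that 3.0.22 is the first fixed release, as the vendor bulletin sb-vlc3022 states.

```python
"""Version check for CVE-2025-51602: is this VLC build older than 3.0.22?

Added example, not VideoLAN code. It parses the version number out of
`vlc --version` output and compares it as a tuple of integers, because a
plain string compare gets "3.0.9" vs "3.0.22" wrong. Assumptions: the first
line of `vlc --version` looks like "VLC version 3.0.21 Vetinari (...)", and
3.0.22 is the first fixed release, as the vendor bulletin sb-vlc3022 states.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

FIXED_VERSION: Version = (3, 0, 22)  # first release carrying the MMS fix

# Matches the first dotted major.minor.patch number in the output.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_vlc_version(text: str) -> Optional[Version]:
    """Extract (major, minor, patch) from `vlc --version` output; None if absent."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: Version) -> bool:
    """True when the build predates the fix. Tuple comparison is numeric per
    component, so (3, 0, 9) < (3, 0, 22) as it should be."""
    return version < FIXED_VERSION


def check_installed_vlc(binary: str = "vlc") -> str:
    """Run the local VLC binary and classify it.

    Pass the full path on macOS, e.g. /Applications/VLC.app/Contents/MacOS/VLC.
    Returns a string starting with VULNERABLE, patched, or unknown.
    """
    path = shutil.which(binary)
    if path is None:
        return "unknown: VLC binary not found"
    try:
        out = subprocess.run([path, "--version"], capture_output=True,
                             text=True, timeout=30).stdout
    except (OSError, subprocess.SubprocessError) as exc:
        return f"unknown: could not run VLC ({exc})"
    ver = parse_vlc_version(out)
    if ver is None:
        return "unknown: could not parse version output"
    status = "VULNERABLE" if is_vulnerable(ver) else "patched"
    return f"{status}: VLC {'.'.join(map(str, ver))}"


if __name__ == "__main__":
    # Constructed sample output (not from a real install) to exercise the parser.
    sample = "VLC version 3.0.21 Vetinari (3.0.21-0-gdeadbeef)\nCompiled by vlc@example"
    ver = parse_vlc_version(sample)
    print(sample.splitlines()[0], "->", ver, "vulnerable" if is_vulnerable(ver) else "patched")
    print(check_installed_vlc())
```

Run it on each host; a result of "unknown" means VLC is absent or the output format differs and the check must be done by hand in the About dialog.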
📡 Detection & Monitoring
Log Indicators:
- OS crash records for the VLC process: Windows Application log Event ID 1000 (Source "Application Error") or 1001 (Source "Windows Error Reporting") naming vlc.exe; on Linux, segfault lines for vlc in the journal or coredumpctl
- Crash or error records naming the MMS access code: mmstu or mmstu.c, or the MMS access module file (libaccess_mms_plugin.dll / .so) listed as the faulting module
Network Indicators:
- Outbound MMS traffic (TCP/UDP 1755) from media clients to hosts that are not known streaming servers
- MMS stream requests from hosts or at times where MMS playback is not expected, especially shortly before a VLC crash on the same host
SIEM Query:
(EventID=1000 AND Source="Application Error" AND EventData contains "vlc.exe") OR (EventID=1001 AND Source="Windows Error Reporting" AND EventData contains "vlc.exe"); raise the priority when EventData also contains "libaccess_mms_plugin" or "mmstu". The parentheses matter: without them AND binds tighter than OR, so a bare "EventID=1000 OR ..." matches every Event ID 1000 regardless of process. Note also that the crash event's Source is "Application Error", not "VLC"; the VLC process appears only in EventData.
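As an added example (not a product correlation rule and not VideoLAN code), the following Python applies the log and network indicators above to pre-parsed records, the way a SIEM rule receives them. Every record in it is constructed for this example. It assumes Windows crash records are Application log Event ID 1000 (Source "Application Error") or 1001 (Source "Windows Error Reporting"), Linux records are kernel segfault lines from the journal, the MMS access module's file name is libaccess_mms_plugin, and an outbound 1755/tcp flow from the crashing host within five minutes before the crash is worth escalating.

```python
"""Detection logic for CVE-2025-51602 run over sample log records.

Added example, not a product rule or VideoLAN code. Inputs are pre-parsed
records (dicts) as a SIEM hands them to a correlation rule; every record
below is constructed. Assumptions: Windows crash records are Application log
Event ID 1000 (Source "Application Error") or 1001 (Source "Windows Error
Reporting"); Linux records are kernel segfault lines from the journal; the
MMS access module is built as libaccess_mms_plugin.{dll,so}.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

CRASH_EVENT_IDS = {1000, 1001}
VLC_PROCESS = re.compile(r"\bvlc(?:\.exe)?\b", re.IGNORECASE)
# Strings that tie a crash to the MMS code path named on this page.
MMS_HINTS = re.compile(r"mmstu|libaccess_mms_plugin|mms://", re.IGNORECASE)
MMS_PORT = 1755
WINDOW_SECONDS = 300  # a 1755/tcp flow this long before the crash counts as related


def is_vlc_crash(rec: Dict) -> bool:
    """True for OS-level crash records whose faulting process is VLC."""
    text = rec.get("message", "")
    if rec.get("source") == "windows_eventlog":
        return rec.get("event_id") in CRASH_EVENT_IDS and bool(VLC_PROCESS.search(text))
    if rec.get("source") == "linux_journal":
        return "segfault" in text and bool(VLC_PROCESS.search(text))
    return False


def recent_mms_connection(crash: Dict, net: Iterable[Dict]) -> Optional[str]:
    """Remote IP of an outbound 1755/tcp flow from the crashing host shortly
    before the crash, or None if there was none."""
    for flow in net:
        if flow["host"] != crash["host"] or flow["dport"] != MMS_PORT:
            continue
        if 0 <= crash["ts"] - flow["ts"] <= WINDOW_SECONDS:
            return flow["dst"]
    return None


def classify(rec: Dict, net: Iterable[Dict]) -> Optional[str]:
    """'high': VLC crash with an MMS hint in the record or a preceding 1755/tcp flow.
    'medium': VLC crash without MMS evidence. None: not a VLC crash at all."""
    if not is_vlc_crash(rec):
        return None
    if MMS_HINTS.search(rec.get("message", "")) or recent_mms_connection(rec, net):
        return "high"
    return "medium"


def flag_records(records: Iterable[Dict], net: List[Dict]) -> List[Tuple[str, str]]:
    """(severity, record id) for every VLC crash, highest severity first."""
    hits = []
    for rec in records:
        sev = classify(rec, net)
        if sev:
            hits.append((sev, rec["id"]))
    hits.sort(key=lambda h: 0 if h[0] == "high" else 1)  # stable: input order within a tier
    return hits


# Constructed sample data (no real system behind it): four crash-style records, one flow.
SAMPLE_RECORDS = [
    {"id": "ev-1", "source": "windows_eventlog", "host": "ws01", "ts": 1_700_000_600,
     "event_id": 1000, "provider": "Application Error",
     "message": "Faulting application name: vlc.exe, version: 3.0.21.0, "
                "Faulting module name: libaccess_mms_plugin.dll, Exception code: 0xc0000005"},
    {"id": "ev-2", "source": "windows_eventlog", "host": "ws02", "ts": 1_700_000_700,
     "event_id": 1000, "provider": "Application Error",
     "message": "Faulting application name: notepad.exe, Faulting module name: ntdll.dll"},
    {"id": "ev-3", "source": "linux_journal", "host": "lx01", "ts": 1_700_000_900,
     "message": "kernel: vlc[4242]: segfault at 0 ip 00007f3a sp 00007ffc error 4 in libavcodec.so"},
    {"id": "ev-4", "source": "linux_journal", "host": "lx02", "ts": 1_700_001_000,
     "message": "kernel: vlc[5151]: segfault at 8 ip 00007f11 sp 00007ffd error 4 in libavcodec.so"},
]
SAMPLE_FLOWS = [
    {"host": "lx01", "ts": 1_700_000_850, "dst": "203.0.113.7", "dport": 1755, "proto": "tcp"},
]

if __name__ == "__main__":
    for sev, rid in flag_records(SAMPLE_RECORDS, SAMPLE_FLOWS):
        print(sev, rid)
```

ev-1 escalates on the faulting module name alone; ev-3 crashed in a different module but had a 1755/tcp flow 50 seconds earlier from the same host, so the network indicator lifts it to high; ev-4 is a VLC crash with no MMS evidence and stays medium; ev-2 is another application's crash and is dropped.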