CVE-2025-60458

6.5 MEDIUM

📋 TL;DR

UxPlay 1.72 contains a double free vulnerability in RTSP request handling. Attackers can send specially crafted RTSP TEARDOWN requests to trigger multiple free() calls on the same memory address, potentially causing application crashes or denial of service. This affects all systems running UxPlay 1.72 with RTSP enabled.

💻 Affected Systems

Products:
  • UxPlay
Versions: 1.72
Operating Systems: Linux, macOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with RTSP functionality enabled (default in UxPlay).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete application crash leading to denial of service, potentially allowing further memory corruption attacks or remote code execution in specific scenarios.

🟠 Likely Case

Application crash and denial of service, disrupting screen mirroring functionality.

🟢 If Mitigated

Minimal impact if proper network segmentation and access controls prevent malicious RTSP requests.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept available on GitHub. Exploitation requires network access to RTSP port (typically 7100).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Upgrade to a newer version once one is published, or apply the workarounds below in the meantime.

🔧 Temporary Workarounds

Network Access Restriction (linux)

Restrict network access to the UxPlay RTSP port (default 7100) using firewall rules.

# ufw: block the RTSP port (this denies both TCP and UDP from every source; if mirroring must stay available to known clients, add an "ufw allow from <trusted subnet> to any port 7100" rule first)
sudo ufw deny 7100
# iptables: drop inbound TCP to the RTSP port (-A appends after existing rules, so use -I instead if an earlier rule already accepts this traffic)
sudo iptables -A INPUT -p tcp --dport 7100 -j DROP

Disable RTSP Service (linux)

Stop the UxPlay service, or disable RTSP functionality if possible.

# only applies if UxPlay was installed as a systemd unit
sudo systemctl stop uxplay
# otherwise terminate any running uxplay process
pkill -f uxplay

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate UxPlay instances
  • Monitor for abnormal RTSP TEARDOWN requests and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check if UxPlay version is 1.72 by running 'uxplay --version' or checking process information.

Check Version:

uxplay --version

Verify Fix Applied:

Verify UxPlay is not running version 1.72 or that network restrictions are properly applied.

📡 Detection & Monitoring

Log Indicators:

  • Multiple RTSP TEARDOWN requests from single source
  • UxPlay process crashes or abnormal termination

Network Indicators:

  • Unusual RTSP TEARDOWN request patterns
  • Traffic to port 7100 with malformed RTSP headers

SIEM Query:

source="uxplay.log" AND "TEARDOWN" AND ("crash" OR "segmentation fault")
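As an added detection example (not from this advisory or the UxPlay project), the two indicators above, repeated TEARDOWN requests from one source and malformed RTSP request lines, applied to a constructed request log. The log format, the per-source threshold of 3 and the 60-second window are assumptions; adapt the parser to whatever your UxPlay wrapper or packet capture actually emits.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log, one request per line: "<ISO time> <client> <RTSP request line>".
# Lines are assumed to be in time order.
SAMPLE_LOG = """\
2025-10-01T10:00:00 192.0.2.10 SETUP rtsp://192.0.2.1:7100/stream RTSP/1.0
2025-10-01T10:00:01 192.0.2.10 RECORD rtsp://192.0.2.1:7100/stream RTSP/1.0
2025-10-01T10:05:00 192.0.2.10 TEARDOWN rtsp://192.0.2.1:7100/stream RTSP/1.0
2025-10-01T10:06:00 198.51.100.7 TEARDOWN rtsp://192.0.2.1:7100/stream RTSP/1.0
2025-10-01T10:06:00 198.51.100.7 TEARDOWN rtsp://192.0.2.1:7100/stream RTSP/1.0
2025-10-01T10:06:01 198.51.100.7 TEARDOWN rtsp://192.0.2.1:7100/stream RTSP/1.0
2025-10-01T10:06:01 198.51.100.7 TEARDOWN garbage
"""

# A well-formed RTSP request line is "<METHOD> <URL> RTSP/<major>.<minor>".
RTSP_REQUEST = re.compile(r"^(?P<method>[A-Z_]+) \S+ RTSP/\d\.\d$")


def parse_line(line):
    """Return (timestamp, source, method, well_formed), or None if the line is not in the log format."""
    parts = line.split(maxsplit=2)
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    match = RTSP_REQUEST.match(parts[2])
    method = match.group("method") if match else parts[2].split()[0]
    return ts, parts[1], method, match is not None


def review_log(log_text, threshold=3, window_s=60):
    """Flag sources sending >= threshold TEARDOWNs within window_s seconds and list malformed requests."""
    recent = defaultdict(deque)  # source -> sliding window of TEARDOWN timestamps
    bursts, malformed = {}, []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, method, ok = parsed
        if not ok:
            malformed.append((src, line.split(maxsplit=2)[2]))
        if method != "TEARDOWN":
            continue
        window = recent[src]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_s:
            window.popleft()  # drop TEARDOWNs older than the window
        if len(window) >= threshold:
            bursts[src] = max(bursts.get(src, 0), len(window))
    return {"bursts": bursts, "malformed": malformed}
```

Running `review_log(SAMPLE_LOG)` flags 198.51.100.7 with four TEARDOWNs inside the window and reports its malformed request, while the single, well-formed TEARDOWN from 192.0.2.10 is left alone.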
