CVE-2025-63095

6.5 MEDIUM

📋 TL;DR

An improper input validation vulnerability in the BitstreamWriter::write_bits() function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a Denial of Service (DoS) via crafted input. This affects any application or system using this specific version of the video codec library. The vulnerability stems from insufficient validation of input parameters to the write_bits function.

💻 Affected Systems

Products:
  • Tempus Ex hello-video-codec
Versions: v0.1.0
Operating Systems: All platforms where Rust applications run
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using the vulnerable version of the hello-video-codec library.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption through application crash or resource exhaustion, potentially affecting dependent services.

🟠 Likely Case

Application instability or crashes when processing maliciously crafted video data, leading to service interruptions.

🟢 If Mitigated

Minimal impact with proper input validation and error handling in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a public library with available source code, making exploitation straightforward for attackers with access to the code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider implementing input validation in your application or finding alternative libraries.

🔧 Temporary Workarounds

Implement Input Validation

Applies to: all

Add validation checks for the input parameters before calling the write_bits() function.

// Example Rust code: validate the 'bits' parameter range before calling write_bits()
// (MAX_BITS and InvalidInput are placeholders for your own limit and error type)
if !(0..=MAX_BITS).contains(&bits) { return Err(InvalidInput); }
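To show what the workaround looks like in practice, here is an added example that is not the hello-video-codec crate's own code: a minimal MSB-first bit writer whose write_bits() checks its parameters up front and returns an error instead of panicking. The per-call limit MAX_BITS = 32, the u32 value argument and the BitstreamError type are assumptions made for this example.

```rust
// Added example (not the hello-video-codec crate's own code): a minimal MSB-first
// bit writer whose write_bits() checks its parameters before touching any state,
// so malformed `bits`/`value` arguments return an error instead of panicking.
#[derive(Debug, PartialEq)]
pub enum BitstreamError {
    InvalidBitCount(u32),                    // `bits` outside 1..=MAX_BITS
    ValueTooLarge { value: u32, bits: u32 }, // `value` needs more than `bits` bits
}
/// Assumed per-call limit for this example; the real crate's limit may differ.
pub const MAX_BITS: u32 = 32;
#[derive(Default)]
pub struct BitstreamWriter {
    out: Vec<u8>,
    acc: u64,        // not-yet-emitted bits live in the low `pending` bits
    pending: u32,
}

impl BitstreamWriter {
    /// Parameter check, usable on its own before calling any write_bits().
    pub fn validate(value: u32, bits: u32) -> Result<(), BitstreamError> {
        if bits == 0 || bits > MAX_BITS {
            return Err(BitstreamError::InvalidBitCount(bits));
        }
        // `value >> 32` would itself panic in debug builds, so only shift when bits < 32.
        if bits < 32 && (value >> bits) != 0 {
            return Err(BitstreamError::ValueTooLarge { value, bits });
        }
        Ok(())
    }

    pub fn write_bits(&mut self, value: u32, bits: u32) -> Result<(), BitstreamError> {
        Self::validate(value, bits)?;
        self.acc = (self.acc << bits) | u64::from(value);
        self.pending += bits;
        while self.pending >= 8 {
            self.pending -= 8;
            self.out.push((self.acc >> self.pending) as u8);
        }
        Ok(())
    }

    /// Emit any remaining bits, zero-padding the final byte.
    pub fn finish(mut self) -> Vec<u8> {
        if self.pending > 0 {
            self.out.push((self.acc << (8 - self.pending)) as u8);
        }
        self.out
    }
}
```

A rejected call leaves the writer's buffer untouched, so a caller can log the error and drop the input rather than crash.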

🧯 If You Can't Patch

  • Isolate the vulnerable component in a sandboxed environment to limit impact.
  • Implement network segmentation to restrict access to systems using the vulnerable library.

🔍 How to Verify

Check if Vulnerable:

Check Cargo.toml or package dependencies for 'hello-video-codec = "0.1.0"'.

Check Version:

grep -r "hello-video-codec" Cargo.toml

Verify Fix Applied:

Verify that input validation has been implemented in the write_bits() function call chain.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unexpected termination of video processing services

Network Indicators:

  • Increased error rates in video streaming services
  • Service unavailability alerts

SIEM Query:

source="application.log" AND ("segmentation fault" OR "panic" OR "abort") AND process="*video*"
