CVE-2025-65406

6.5 MEDIUM

📋 TL;DR

A heap overflow vulnerability in Live555 Streaming Media allows attackers to cause denial of service by supplying a specially crafted MKV file. This affects systems using Live555 for media streaming, potentially disrupting streaming services.

💻 Affected Systems

Products:
  • Live555 Streaming Media
Versions: v2018.09.02 and potentially earlier
Operating Systems: All platforms running Live555
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using Live555 to process MKV files is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of streaming applications, potentially leading to system crashes and requiring service restarts.

🟠 Likely Case

Denial of service affecting streaming functionality, causing service interruptions for users.

🟢 If Mitigated

Limited impact with proper input validation and monitoring in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious MKV file and delivering it to the vulnerable system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check the Live555 GitHub repository for updates and apply any available patches. Consider upgrading to a newer version if available.

🔧 Temporary Workarounds

Disable MKV file processing (applies to: all)

Configure Live555 to reject or not process MKV files if not required.

Implement input validation (applies to: all)

Add validation for MKV file inputs before processing.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Live555 servers
  • Deploy WAF rules to block suspicious MKV file uploads

🔍 How to Verify

Check if Vulnerable:

Check if Live555 version is 2018.09.02 or earlier and if MKV file processing is enabled.

Check Version:

Check Live555 documentation or build information for version details.

Verify Fix Applied:

Verify that the system no longer processes MKV files or has been updated to a patched version.

📡 Detection & Monitoring

Log Indicators:

  • Crashes or abnormal terminations in Live555 processes
  • Error messages related to MKV file parsing

Network Indicators:

  • Unusual MKV file uploads to streaming servers
  • Increased error rates in streaming services

SIEM Query:

Search for process crashes of Live555 executables or abnormal termination events.
