CVE-2025-65408

6.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers to cause a denial of service by sending a specially crafted ADTS audio file to Live555 Streaming Media servers. The NULL pointer dereference crashes the server process, disrupting streaming services. Organizations using Live555 for media streaming are affected.

💻 Affected Systems

Products:
  • Live555 Streaming Media
Versions: v2018.09.02 and potentially earlier versions
Operating Systems: All platforms running Live555
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using ADTS audio streaming functionality

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of all streaming services using the vulnerable Live555 component, requiring manual restart of affected servers.

🟠 Likely Case

Targeted DoS attacks against specific streaming endpoints causing temporary service interruptions.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and response.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires sending a malicious ADTS file to the streaming server

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check for an updated version in the Live555 repository
2. Recompile and replace the vulnerable binaries
3. Restart the streaming services

🔧 Temporary Workarounds

Disable ADTS streaming

Applies to: all

Disable ADTS audio streaming functionality if not required.

Modify Live555 configuration to disable ADTS support.

Network filtering

Applies to: all

Block or filter ADTS files at the network perimeter.

Configure firewall/WAF to inspect and block malicious ADTS payloads.

🧯 If You Can't Patch

  • Implement strict input validation for ADTS files
  • Deploy monitoring and automated restart mechanisms for crashed services
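Input validation for ADTS, as an added example (not code from this page or from Live555): a C checker that range-checks every ADTS frame-header field before a frame is passed on to the streaming code. The page does not say which field the crashing file abuses, so the checker rejects any header that is truncated, has a bad syncword or layer, carries a reserved or escape sampling_frequency_index, or declares a frame_length that overruns the buffer; the sample frames are constructed, and treating channel_configuration 0 as invalid is this example's own policy.

```c
#include <stddef.h>
#include <stdint.h>

/* Subset of the 7-byte ADTS header (9 bytes when a CRC follows it). */
typedef struct {
    unsigned protection_absent;        /* 1 = no 16-bit CRC after the header */
    unsigned sampling_frequency_index; /* index into the 13-entry sample-rate table */
    unsigned channel_configuration;    /* 0 = carried in a PCE, 1..7 = fixed layouts */
    unsigned frame_length;             /* whole frame in bytes, header included */
} adts_header_t;
enum { ADTS_OK = 0, ADTS_ERR_SHORT = -1, ADTS_ERR_SYNC = -2, ADTS_ERR_LAYER = -3,
       ADTS_ERR_SFI = -4, ADTS_ERR_CHANNELS = -5, ADTS_ERR_LENGTH = -6 };
/* Validate one frame header at p with `avail` bytes left in the buffer. Every field
 * is range-checked before it is trusted, so a truncated header, a reserved/escape
 * sample-rate index or a frame_length that overruns the buffer is rejected up front. */
int adts_validate_frame(const uint8_t *p, size_t avail, adts_header_t *out)
{
    adts_header_t h;
    if (p == NULL || avail < 7) return ADTS_ERR_SHORT;
    if (p[0] != 0xFF || (p[1] & 0xF0) != 0xF0) return ADTS_ERR_SYNC; /* syncword 0xFFF */
    if ((p[1] & 0x06) != 0) return ADTS_ERR_LAYER;                    /* layer must be 00 */
    h.protection_absent = p[1] & 0x01;
    h.sampling_frequency_index = (p[2] >> 2) & 0x0F;
    h.channel_configuration = ((p[2] & 0x01) << 2) | ((p[3] >> 6) & 0x03);
    h.frame_length = ((unsigned)(p[3] & 0x03) << 11) | ((unsigned)p[4] << 3) | (p[5] >> 5);
    if (h.sampling_frequency_index > 12) return ADTS_ERR_SFI;   /* 13, 14 reserved; 15 escape */
    if (h.channel_configuration == 0) return ADTS_ERR_CHANNELS; /* PCE layouts rejected (policy) */
    if (h.frame_length < (h.protection_absent ? 7u : 9u) || h.frame_length > avail)
        return ADTS_ERR_LENGTH;
    if (out) *out = h;
    return ADTS_OK;
}
/* Walk a buffer frame by frame; returns the frame count, or the first error code. */
int adts_validate_buffer(const uint8_t *buf, size_t len)
{
    size_t off = 0; int frames = 0;
    while (off < len) {
        adts_header_t h;
        int rc = adts_validate_frame(buf + off, len - off, &h);
        if (rc != ADTS_OK) return rc;
        off += h.frame_length;
        frames++;
    }
    return frames;
}
/* Constructed samples: a well-formed AAC-LC 44.1 kHz stereo frame with a 3-byte payload, the same frame with sampling_frequency_index = 15, and the same frame with frame_length = 8191. */
const uint8_t ADTS_SAMPLE_GOOD[]    = {0xFF,0xF1,0x50,0x80,0x01,0x5F,0xFC,0xAA,0xBB,0xCC};
const uint8_t ADTS_SAMPLE_BAD_SFI[] = {0xFF,0xF1,0x7C,0x80,0x01,0x5F,0xFC,0xAA,0xBB,0xCC};
const uint8_t ADTS_SAMPLE_BAD_LEN[] = {0xFF,0xF1,0x50,0x83,0xFF,0xFF,0xFC,0xAA,0xBB,0xCC};
```

Run the checker over an uploaded file before it reaches the server; a non-zero error code means the file should be dropped and logged rather than streamed.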

🔍 How to Verify

Check if Vulnerable:

Check Live555 version and verify ADTS functionality is enabled

Check Version:

Check Live555 build version in source or binary metadata

Verify Fix Applied:

Test with a known malicious ADTS file and verify that the service remains stable

📡 Detection & Monitoring

Log Indicators:

  • Live555 process crashes
  • Segmentation fault errors
  • Unexpected service restarts

Network Indicators:

  • Unusual ADTS file uploads to streaming endpoints
  • Repeated connection attempts with audio files

SIEM Query:

source="live555" AND (error="segmentation fault" OR error="null pointer")
