CVE-2025-2759

High CVSS: 7.8

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448.

Vendor

Gstreamer

Product

Gstreamer

CWE

CWE-732

Yayın Tarihi

2025-05-22 01:15:52

Güncelleme

2026-03-17 15:52:33

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-732 Gstreamer HIGH Gstreamer 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-25-268/

Benzer Kayıtlar

High

CVE-2026-3081

GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows…

High

CVE-2026-3082

GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a…

High

CVE-2026-3083

GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attacke…

High

CVE-2026-3084

GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote att…

High

CVE-2026-3085

GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote…

High

CVE-2026-3086

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote a…