CVE-2025-0870

CVSS 3.1 Score 5.6 of 10 (medium)

Details

Published Jan 30, 2025

CWE ID 119

CWE ID 122

Summary

CVE-2025-0870 is a critical vulnerability affecting Axiomatic Bento4 versions up to 1.6.0-641. The issue lies in the AP4_DataBuffer::GetData function found in Ap4DataBuffer.h. This vulnerability results in a heap-based buffer overflow, which can be exploited remotely. The attack complexity is high, and exploitation is known to be difficult but has been disclosed to the public. Axiomatic Bento4 uses a rolling release model for continuous delivery, making it challenging to pinpoint specific affected and updated versions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/264cvb
https://www.cve.org/CVERecord?id=CVE-2025-0870
https://nvd.nist.gov/vuln/detail/CVE-2025-0870

Back to Vulnerability Database

CVE-2025-0870

CVSS 3.1 Score 5.6 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations