← volver
CVE-2025-2759

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability

CVSS 7 HIGHEPSS 0.1%CWE-732
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
22 may 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448.
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
GStreamer · GStreamer

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.zerodayinitiative.com/advisories/ZDI-25-268/