CVE-2025-2759

CVE-2025-2759

Name

CVE-2025-2759

Description

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
x_research-advisory	https://www.zerodayinitiative.com/advisories/ZDI-25-268/

Type

URI

x_research-advisory

https://www.zerodayinitiative.com/advisories/ZDI-25-268/

CPE URI	Source package	Min version	Max version
	gstreamer	== 1.24.8	== 1.24.8
`cpe:2.3:a:gstreamer_project:gstreamer::::::::`	gstreamer	>= None	< 1.25.1

CPE URI

Source package

Min version

Max version

gstreamer

== 1.24.8

cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*

gstreamer

>= None

< 1.25.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
gstreamer	edge-main	1.24.12-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
gstreamer	edge-main	1.24.11-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
gstreamer	edge-main	1.24.10-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
gstreamer	edge-main	1.24.9-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
gstreamer	edge-main	1.18.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gstreamer	3.22-main	1.18.4-r0	None	possibly vulnerable
gstreamer	3.21-main	1.24.11-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
gstreamer	3.21-main	1.24.10-r0	Krassy Boykinov <kboykinov@teamcentrixx.com>	possibly vulnerable
gstreamer	3.21-main	1.18.4-r0	None	possibly vulnerable
gstreamer	3.20-main	1.24.10-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gstreamer	3.20-main	1.24.9-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gstreamer	3.20-main	1.18.4-r0	None	possibly vulnerable
gstreamer	3.19-main	1.22.12-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gstreamer	3.19-main	1.18.4-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

gstreamer

edge-main

1.24.12-r0

Krassy Boykinov <kboykinov@teamcentrixx.com>

possibly vulnerable

gstreamer

edge-main