CVE-2025-8537 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-8537

CVE-2025-8537

August 05, 2025

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Related Resources (5)

https://vuldb.com/?submit.619602

https://github.com/axiomatic-systems/Bento4/issues/1037

https://vuldb.com/?id.318666

https://drive.google.com/file/d/1AkRpx3wcMy3Ic9tQeQyRJybBipK72aQO/view?usp=drive_link

https://vuldb.com/?ctiid.318666

Do you need more information?

CVSS v4

Base Score:

2.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

POC

CVSS v3

Base Score:

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Exploit Maturity

PROOF-OF-CONCEPT

CVSS v2

Base Score:

2.6

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Reachable Assertion

CWE-617

Uncontrolled Resource Consumption

CWE-400

EPSS

Base Score:

0.23

Products

Solutions

Resources

Company

Compare

Developer Tools