Skip to main content

CVE-2025-2759: CWE-732: Incorrect Permission Assignment for Critical Resource in GStreamer GStreamer

High
VulnerabilityCVE-2025-2759cvecve-2025-2759cwe-732
Published: Thu May 22 2025 (05/22/2025, 00:57:49 UTC)
Source: CVE
Vendor/Project: GStreamer
Product: GStreamer

Description

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448.

AI-Powered Analysis

AILast updated: 07/07/2025, 10:43:23 UTC

Technical Analysis

CVE-2025-2759 is a local privilege escalation vulnerability in GStreamer version 1.24.8, stemming from incorrect permission assignments on critical folders during the product installation process. Specifically, the vulnerability arises because the installer sets overly permissive access rights on certain directories, classified under CWE-732 (Incorrect Permission Assignment for Critical Resource). This misconfiguration allows a local attacker, who already has the ability to execute low-privileged code on the affected system, to escalate their privileges by exploiting these insecure folder permissions. By doing so, the attacker can execute arbitrary code with elevated privileges, potentially gaining control over the system or sensitive user contexts. The vulnerability does not require user interaction but does require local access with low privileges. The CVSS v3.0 score is 7.0 (high severity), reflecting the significant impact on confidentiality, integrity, and availability if exploited, although the attack complexity is high due to the prerequisite of local code execution and the need for elevated privileges to exploit the flaw. No known exploits are currently reported in the wild, and no patches are linked yet, indicating that mitigation may rely on vendor updates or manual permission corrections.

Potential Impact

For European organizations, the impact of this vulnerability can be considerable, especially for those relying on GStreamer in multimedia processing, streaming, or embedded systems. Successful exploitation could allow attackers to escalate privileges from a low-privileged user account to higher privilege levels, potentially leading to full system compromise. This could result in unauthorized access to sensitive data, disruption of multimedia services, or use of compromised systems as footholds for lateral movement within corporate networks. Given that GStreamer is often integrated into Linux-based environments, which are common in European research institutions, media companies, and industrial control systems, the risk is amplified. The vulnerability could also affect cloud environments and containerized applications using GStreamer, increasing the attack surface. The lack of known exploits currently reduces immediate risk, but the high severity score and the nature of the flaw warrant proactive mitigation to prevent future exploitation.

Mitigation Recommendations

European organizations should immediately audit permissions on directories related to GStreamer installations, especially focusing on version 1.24.8. Manual correction of folder permissions to restrict access to only necessary users and groups can reduce exposure. System administrators should implement strict access control policies and use tools like 'chmod' and 'chown' to enforce least privilege on installation directories. Monitoring for unusual local privilege escalation attempts and employing endpoint detection and response (EDR) solutions can help detect exploitation attempts early. Organizations should track vendor advisories for patches or updated installers that correct the permission assignments and apply them promptly. Additionally, restricting local code execution capabilities for untrusted users and employing application whitelisting can reduce the likelihood of initial low-privilege code execution, thereby mitigating the prerequisite for exploitation.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
zdi
Date Reserved
2025-03-24T19:41:04.589Z
Cisa Enriched
false
Cvss Version
3.0
State
PUBLISHED

Threat ID: 682e78df0acd01a249253206

Added to database: 5/22/2025, 1:07:43 AM

Last enriched: 7/7/2025, 10:43:23 AM

Last updated: 8/17/2025, 10:02:04 AM

Views: 17

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats