CVE-2025-34123 is a high-severity stack-based buffer overflow vulnerability identified in VideoCharge Software's Studio product, specifically version 2.12.3.685. The vulnerability arises from improper handling of user-supplied data within the XML 'Name' attribute of a .VSC configuration file. When the software processes a maliciously crafted .VSC file, the buffer overflow can overwrite the Structured Exception Handler (SEH) on the stack, enabling an attacker to hijack the control flow of the application. This can lead to arbitrary code execution under the context of the user who opens the malicious file. The attack vector requires user interaction, specifically convincing a user to open a malicious .VSC file, which is a common scenario in spear-phishing or targeted attacks. The vulnerability is characterized by CWE-121 (stack-based buffer overflow), CWE-20 (improper input validation), and CWE-94 (improper control of code generation), indicating that the root cause is insufficient validation and sanitization of input data leading to memory corruption. The CVSS 4.0 base score is 8.4, reflecting a high severity due to the potential for remote code execution without requiring privileges or authentication, but requiring user interaction. No known exploits are currently reported in the wild, and no patches have been published yet, increasing the urgency for mitigation and monitoring. The vulnerability affects only version 2.12.3.685 of VideoCharge Studio, a multimedia processing software used for video editing and conversion tasks, which may be deployed in media production, marketing, and other content creation environments.

For European organizations, this vulnerability poses a significant risk especially to those in media, advertising, and content production sectors that utilize VideoCharge Studio for video processing workflows. Successful exploitation could lead to arbitrary code execution, allowing attackers to execute malicious payloads, potentially leading to data theft, system compromise, lateral movement, or deployment of ransomware. Since the exploit requires user interaction, targeted social engineering campaigns could be used to deliver malicious .VSC files via email or file sharing platforms. The compromise of workstations or servers running the vulnerable software could disrupt business operations, lead to intellectual property loss, and damage organizational reputation. Additionally, if exploited in environments with sensitive or regulated data, such as broadcasting companies or media agencies handling personal data, this could trigger compliance violations under GDPR, resulting in legal and financial penalties. The lack of patches and known exploits in the wild means organizations must proactively mitigate risk to prevent potential future attacks.

1. Immediate mitigation should focus on user awareness training to recognize and avoid opening suspicious or unsolicited .VSC files, especially from untrusted sources. 2. Implement strict email filtering and attachment scanning to block or quarantine potentially malicious .VSC files. 3. Restrict the use of VideoCharge Studio to trusted users and environments, and consider isolating systems running the vulnerable version to limit exposure. 4. Employ application whitelisting and endpoint detection and response (EDR) solutions to detect anomalous behaviors indicative of exploitation attempts. 5. Monitor network and host logs for unusual activity related to VideoCharge Studio processes or unexpected execution flows. 6. Coordinate with VideoCharge Software for timely patch releases and apply updates as soon as they become available. 7. If feasible, consider temporarily replacing VideoCharge Studio with alternative video processing tools that do not have this vulnerability until a patch is released. 8. Conduct regular backups of critical data and verify recovery procedures to minimize impact in case of compromise.