CVE-2025-59728: CWE-787 Out-of-bounds Write in FFmpeg MPEG-DASH
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer. When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1]. If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer. We recommend upgrading to version 8.0 or beyond.
AI Analysis
Technical Summary
CVE-2025-59728 is an out-of-bounds write vulnerability classified under CWE-787, affecting the FFmpeg multimedia framework's handling of MPEG-DASH manifests. The issue arises during the calculation of the content path where the function xmlNodeGetContent returns a buffer allocated precisely to the string length using strdup. If this buffer is non-empty and does not end with a '/', the code attempts to append a '/' character in-place by writing two bytes starting at the last valid byte of the buffer. This results in a NUL byte being written one byte beyond the allocated buffer boundary, causing an out-of-bounds write. Such memory corruption can lead to undefined behavior including application crashes, data corruption, or potentially arbitrary code execution if exploited. The vulnerability affects FFmpeg versions including 7.1.1 and specific commits prior to version 8.0, which contains the fix. The CVSS 4.0 score is 8.7 (high severity), reflecting the vulnerability's potential impact on confidentiality, integrity, and availability, combined with the requirement for local or adjacent network access, low privileges, and high attack complexity. No user interaction is needed, but no known exploits have been reported in the wild. The vulnerability was publicly disclosed on October 6, 2025, and is assigned by Google.
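The off-by-one described above, worked through in C as an added example (not FFmpeg's code and not part of the advisory). The commented pattern is a constructed illustration of the in-place append, `bytes_past_end` and `with_trailing_slash` are hypothetical helper names, and the URLs are constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustration of the pattern the advisory describes (constructed here, not
 * FFmpeg source, and deliberately not executed: it is undefined behaviour):
 *
 *   char *buf = strdup(text);          // exactly strlen(text) + 1 bytes
 *   size_t n = strlen(buf);
 *   if (buf[n - 1] != '/') {
 *       buf[n]     = '/';              // overwrites the terminator: in bounds
 *       buf[n + 1] = '\0';             // one byte past the allocation
 *   }
 */

/* How many bytes the in-place append would write beyond an exact-fit buffer. */
static size_t bytes_past_end(const char *text)
{
    size_t len = strlen(text);
    size_t allocated = len + 1;                      /* what strdup() provides */
    int needs_slash = len > 0 && text[len - 1] != '/';
    size_t required = len + (needs_slash ? 1 : 0) + 1;
    return required - allocated;
}

/* Hardened form: build the result in a buffer sized for the extra byte.
 * Returns a new string the caller must free(), or NULL on allocation failure. */
static char *with_trailing_slash(const char *text)
{
    size_t len = strlen(text);
    int needs_slash = len > 0 && text[len - 1] != '/';
    char *out = malloc(len + (needs_slash ? 1 : 0) + 1);
    if (!out)
        return NULL;
    memcpy(out, text, len);
    if (needs_slash)
        out[len++] = '/';
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample base URLs: one without and one with a trailing '/'. */
    const char *samples[] = { "http://cdn.example/video", "http://cdn.example/video/" };
    for (size_t i = 0; i < 2; i++) {
        char *fixed = with_trailing_slash(samples[i]);
        printf("%-28s past_end=%zu fixed=%s\n", samples[i],
               bytes_past_end(samples[i]), fixed ? fixed : "(alloc failed)");
        free(fixed);
    }
    return 0;
}
```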
Potential Impact
The out-of-bounds write vulnerability in FFmpeg's MPEG-DASH handling can lead to memory corruption, which may cause application crashes or enable attackers to execute arbitrary code within the context of the vulnerable process. This can compromise the confidentiality, integrity, and availability of systems processing MPEG-DASH streams using affected FFmpeg versions. Organizations relying on FFmpeg for media streaming, video processing, or content delivery may face service disruptions or potential system compromise. Given FFmpeg's widespread use in media servers, streaming platforms, and embedded devices, the impact can be significant, especially in environments where FFmpeg runs with elevated privileges or processes untrusted input. Although exploitation complexity is high and requires local or adjacent network access with low privileges, the absence of user interaction lowers the barrier for automated or scripted attacks in controlled environments. The lack of known exploits in the wild currently limits immediate risk, but the vulnerability remains a critical concern for media infrastructure security.
Mitigation Recommendations
To mitigate CVE-2025-59728, organizations should upgrade FFmpeg to version 8.0 or later, where the vulnerability has been addressed. Until upgrading is feasible, restrict access to systems running vulnerable FFmpeg versions to trusted users and networks to reduce the risk of exploitation. Implement strict input validation and sanitization for MPEG-DASH manifests to minimize the chance of triggering the vulnerability. Employ runtime protections such as memory safety tools (e.g., AddressSanitizer) during development and testing to detect out-of-bounds writes. Additionally, consider sandboxing or isolating FFmpeg processes to limit the impact of potential exploitation. Monitor security advisories and logs for unusual crashes or behavior indicative of exploitation attempts. Finally, maintain a robust patch management process to ensure timely application of security updates.
Affected Countries
United States, Germany, Japan, South Korea, China, United Kingdom, France, Canada, Australia, India
Technical Details
- Data Version: 5.1
- Assigner Short Name
- Date Reserved: 2025-09-19T08:11:37.549Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68e382204a42da91e7586492
Added to database: 10/6/2025, 8:47:28 AM
Last enriched: 2/27/2026, 3:59:13 AM
Last updated: 3/25/2026, 10:16:59 PM