
CVE-2025-59728: CWE-787 Out-of-bounds Write in FFmpeg MPEG-DASH

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-59728, cwe-787
Published: Mon Oct 06 2025 (10/06/2025, 08:08:27 UTC)
Source: CVE Database V5
Vendor/Project: FFmpeg
Product: MPEG-DASH

Description

When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.

When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1].

If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer.

We recommend upgrading to version 8.0 or beyond.

AI-Powered Analysis

Last updated: 10/13/2025, 09:08:37 UTC

Technical Analysis

CVE-2025-59728 is a vulnerability classified under CWE-787 (Out-of-bounds Write) in the FFmpeg project's handling of MPEG-DASH manifests. The issue arises during calculation of the content path, when xmlNodeGetContent returns a buffer allocated exactly to the string length using strdup. If this buffer is non-empty and does not end with a '/', the code appends a '/' character in-place. This writes two bytes starting at the last valid byte of the buffer (the existing terminator), so the new NUL byte lands one byte beyond the allocated memory. This out-of-bounds write can corrupt adjacent memory, potentially leading to undefined behavior such as crashes or arbitrary code execution. The vulnerability affects FFmpeg versions up to 7.1.1 and the specific commit a218cafe4d3be005ab0c61130f90db4d21afb5db. The CVSS 4.0 score is 8.7, indicating high severity, with adjacent network attack vector (AV:A), high attack complexity (AC:H), low privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H, I:H, A:H). No public exploits are known at this time. The recommended mitigation is upgrading to FFmpeg version 8.0 or later, where this issue is resolved.
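The off-by-one described in the Description and Technical Analysis above, as an added C illustration: this is not FFmpeg's source or its actual fix, and the function names and sample URL are constructed for the example. It places the in-place append next to a capacity-checked variant and a form that allocates room for the extra byte.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flawed pattern (for contrast, never called): on an exact-fit buffer of
 * len + 1 bytes the new terminator lands at index len + 1, out of bounds. */
void append_slash_unsafe(char *buf)
{
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] != '/') {
        buf[len] = '/';        /* replaces the old NUL: last valid byte */
        buf[len + 1] = '\0';   /* one byte past the allocation */
    }
}

/* Same append with the capacity known: 1 = appended, 0 = not needed,
 * -1 = refused because text + '/' + NUL does not fit in cap bytes. */
int append_slash_checked(char *buf, size_t cap)
{
    size_t len = strlen(buf);
    if (len == 0 || buf[len - 1] == '/')
        return 0;
    if (len + 2 > cap)
        return -1;
    buf[len] = '/';
    buf[len + 1] = '\0';
    return 1;
}

/* Hardened form: build the result in a buffer sized for it. Caller frees. */
char *with_trailing_slash(const char *s)
{
    size_t len = strlen(s);
    size_t need = (len > 0 && s[len - 1] != '/') ? 1 : 0;
    char *out = malloc(len + need + 1);
    if (!out) return NULL;
    memcpy(out, s, len);
    if (need) out[len++] = '/';
    out[len] = '\0';
    return out;
}

int main(void)
{
    char url[] = "http://media.example/video"; /* constructed; exact fit */
    char *fixed = with_trailing_slash(url);
    printf("checked=%d fixed=%s\n", append_slash_checked(url, sizeof url),
           fixed ? fixed : "(alloc failed)");
    free(fixed);
    return 0;
}
```

Building the unsafe variant with AddressSanitizer (`-fsanitize=address`) and calling it on a heap buffer of exactly `strlen + 1` bytes reports the one-byte heap overflow, which is a practical way to confirm whether a given build still contains this pattern.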

Potential Impact

For European organizations, this vulnerability poses significant risks especially for those relying on FFmpeg for media streaming, broadcasting, or content delivery networks that utilize MPEG-DASH. Successful exploitation could lead to memory corruption resulting in denial of service (application crashes) or potentially remote code execution if combined with other vulnerabilities or attack vectors. This could disrupt media services, cause data breaches, or allow attackers to gain unauthorized control over affected systems. Given the high confidentiality, integrity, and availability impacts, organizations in media, telecommunications, and content distribution sectors are particularly vulnerable. The requirement for adjacent network access and low privileges lowers the barrier for attackers within the same network segment, increasing risk in shared or cloud environments common in Europe. The absence of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits post-disclosure.

Mitigation Recommendations

European organizations should prioritize upgrading FFmpeg to version 8.0 or later where this vulnerability is fixed. In environments where immediate upgrade is not feasible, applying strict network segmentation to limit adjacent network access to FFmpeg services can reduce exposure. Implement runtime memory protection mechanisms such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) to mitigate exploitation impact. Conduct thorough input validation and sanitization on MPEG-DASH manifests to prevent malformed inputs triggering the vulnerability. Monitor application logs and network traffic for anomalies indicative of exploitation attempts. Employ intrusion detection systems tuned for media streaming protocols. Finally, maintain an up-to-date asset inventory to identify all FFmpeg instances and ensure timely patch management.


Technical Details

Data Version: 5.1
Assigner Short Name: Google
Date Reserved: 2025-09-19T08:11:37.549Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68e382204a42da91e7586492

Added to database: 10/6/2025, 8:47:28 AM

Last enriched: 10/13/2025, 9:08:37 AM

Last updated: 11/22/2025, 12:27:44 PM
