CVE-2025-60458 identifies a double free vulnerability in UxPlay version 1.72, specifically within the handling of RTSP (Real Time Streaming Protocol) TEARDOWN requests. A double free occurs when the same memory address is freed more than once, which can corrupt the memory management data structures, potentially leading to application crashes or undefined behavior. In this case, an attacker can send a specially crafted RTSP TEARDOWN request that triggers multiple calls to free() on the same pointer. This vulnerability does not allow for code execution or data leakage but can cause a denial of service by crashing the UxPlay service or causing it to become unstable. The vulnerability is remotely exploitable over the network without requiring privileges (AV:N/AC:L/PR:N), but it does require user interaction (UI:R) in the form of sending a crafted RTSP request. The scope is unchanged (S:U), and the impact is limited to availability (A:H), with no confidentiality or integrity impact. The CVSS score of 6.5 reflects a medium severity level. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The underlying CWE is CWE-400, which relates to uncontrolled resource consumption or memory management errors. Organizations using UxPlay for streaming or media playback services should be aware of this vulnerability as it could disrupt service availability if exploited.

For European organizations, the primary impact is denial of service affecting availability of media streaming services that rely on UxPlay 1.72. Disruptions could affect internal communications, media delivery platforms, or customer-facing streaming services. While confidentiality and integrity are not impacted, service outages could lead to operational downtime, customer dissatisfaction, and potential financial losses, especially for media companies or enterprises using UxPlay in critical workflows. The vulnerability could be exploited remotely without authentication, increasing risk if RTSP ports are exposed to untrusted networks. Organizations in sectors such as broadcasting, telecommunications, and media production in Europe could face interruptions if targeted. Additionally, denial of service attacks could be used as a distraction or part of a larger attack campaign. The lack of known exploits reduces immediate risk, but the public disclosure means attackers could develop exploits in the future.

To mitigate CVE-2025-60458, organizations should monitor for patches or updates from UxPlay developers and apply them promptly once available. In the absence of patches, restrict RTSP access using network segmentation and firewall rules to limit exposure to trusted internal networks only. Employ intrusion detection or prevention systems to monitor for anomalous RTSP TEARDOWN requests. Disable or remove UxPlay if it is not essential to reduce attack surface. Conduct regular vulnerability assessments and penetration tests focusing on RTSP services. Educate network administrators about this vulnerability to ensure rapid response to suspicious activity. Consider implementing rate limiting on RTSP requests to reduce the risk of denial of service. Maintain up-to-date asset inventories to identify all UxPlay instances for targeted remediation.