CVE-2025-65405 is a use-after-free vulnerability identified in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media version 2018.09.02. Live555 is an open-source media streaming library widely used for RTSP, RTP, and RTCP streaming. The vulnerability arises when the function processes ADTS/AAC audio files; a crafted malformed ADTS/AAC file can trigger a use-after-free condition. This memory corruption flaw can cause the application to crash, resulting in a denial of service (DoS). The vulnerability does not appear to allow code execution or privilege escalation but disrupts service availability. No CVSS score has been assigned, and no patches or known exploits are currently available. The flaw affects any system using the vulnerable Live555 version to handle ADTS/AAC streams, including media servers, embedded devices, and streaming appliances. Attackers can exploit this by delivering maliciously crafted audio streams, potentially causing service outages. The lack of authentication requirement means any user able to supply media streams could trigger the issue. The vulnerability highlights the importance of secure media parsing and memory management in streaming libraries.

For European organizations, the primary impact is denial of service on systems relying on Live555 for streaming ADTS/AAC audio content. This could disrupt media delivery platforms, IPTV services, video conferencing systems, and embedded devices in telecommunications or broadcasting. Service interruptions could affect customer experience, operational continuity, and potentially lead to financial losses or reputational damage. Critical infrastructure using streaming media for monitoring or communications could also be impacted. Since the vulnerability requires crafted input but no authentication, attackers could exploit exposed streaming endpoints or trick users into opening malicious streams. The absence of known exploits reduces immediate risk, but the potential for widespread disruption exists if attackers develop reliable exploit methods. Organizations with large-scale media streaming deployments or embedded systems using Live555 are at higher risk. The impact on confidentiality and integrity is minimal, but availability is significantly affected.

1. Immediately identify and inventory all systems using Live555 Streaming Media version 2018.09.02 or earlier. 2. Avoid processing untrusted or unauthenticated ADTS/AAC audio streams until a patch is available. 3. Implement network-level filtering to restrict access to streaming services to trusted users and sources. 4. Employ sandboxing or containerization for media streaming applications to limit the impact of crashes. 5. Monitor logs and application behavior for crashes or abnormal terminations related to audio stream processing. 6. Once a patch or updated Live555 version is released, prioritize timely deployment across all affected systems. 7. Consider using alternative media streaming libraries with better security track records if patching is delayed. 8. Educate users and administrators about the risks of opening untrusted media streams. 9. Apply defense-in-depth by combining input validation, rate limiting, and anomaly detection on streaming endpoints. 10. Engage with vendors or open-source maintainers for updates and security advisories.