CVE-2025-65408 is a software vulnerability identified in the Live555 Streaming Media library, specifically in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function. This function is responsible for creating RTP sinks for ADTS audio streams. The vulnerability arises from a NULL pointer dereference triggered when the function processes a specially crafted ADTS audio file. This causes the application to crash or become unresponsive, resulting in a Denial of Service (DoS). Live555 is an open-source streaming media framework widely used in various applications, including media servers, IP cameras, and embedded devices that handle streaming protocols like RTSP. The affected version mentioned is v2018.09.02, but the exact range of vulnerable versions is not specified. No patches or fixes have been linked yet, and no known exploits are reported in the wild. The vulnerability does not require authentication or user interaction, making it potentially exploitable remotely if the streaming server processes untrusted ADTS files. The lack of a CVSS score necessitates an assessment based on impact and exploitability factors. The NULL pointer dereference primarily impacts availability by causing crashes, with no direct confidentiality or integrity compromise. The attack vector involves supplying malicious ADTS files, which could be delivered via network streams or file uploads depending on the deployment. Overall, this vulnerability represents a medium-severity DoS risk to services relying on Live555 for streaming ADTS audio content.

For European organizations, the primary impact of CVE-2025-65408 is service disruption due to Denial of Service attacks against streaming media infrastructure. Organizations operating media servers, video conferencing platforms, or IoT devices that embed Live555 could experience outages or degraded service availability. This can affect customer experience, operational continuity, and potentially lead to financial losses or reputational damage. Critical sectors such as broadcasting, telecommunications, and public safety that rely on real-time streaming may be particularly vulnerable. Additionally, embedded devices in smart city deployments or industrial environments using Live555 could be destabilized, impacting broader operational technology systems. Since the vulnerability does not allow remote code execution or data compromise, the confidentiality and integrity risks are low. However, the ease of triggering a crash remotely without authentication increases the likelihood of exploitation attempts, especially in exposed network environments. European organizations with less mature patch management or network segmentation practices may face higher exposure. The absence of known exploits currently provides a window for proactive mitigation before active attacks emerge.

To mitigate CVE-2025-65408, European organizations should first identify all systems and devices using Live555 Streaming Media, particularly those handling ADTS audio streams. Until an official patch is released, organizations should implement strict input validation and filtering at the network perimeter to block malformed or suspicious ADTS traffic. Deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect anomalous RTP or RTSP streams can reduce exposure. Network segmentation should isolate streaming servers from critical infrastructure and limit access to trusted clients only. Monitoring logs for crashes or unusual service restarts can help detect exploitation attempts early. Organizations should engage with vendors or open-source maintainers to obtain patches or updated versions addressing this vulnerability. For embedded devices, firmware updates may be necessary. Additionally, applying rate limiting on streaming requests and enforcing authentication where possible can reduce attack surface. Finally, maintaining an asset inventory and conducting regular vulnerability scans will improve readiness for future updates.