CVE-2025-65408 is a vulnerability identified in the Live555 Streaming Media library version 2018.09.02, specifically within the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function. The flaw arises due to a NULL pointer dereference (CWE-476) when processing ADTS audio files. An attacker can exploit this by supplying a crafted ADTS file that causes the function to dereference a NULL pointer, leading to a crash of the streaming media server or application using Live555. This results in a Denial of Service (DoS) condition, disrupting availability of streaming services. The vulnerability can be triggered remotely over the network (AV:N) without requiring any privileges (PR:N), but does require user interaction (UI:R) in the form of the server processing the malicious ADTS file. The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component without affecting other system components. The CVSS v3.1 base score is 6.5, reflecting a medium severity level due to the high impact on availability but no impact on confidentiality or integrity. No known exploits have been reported in the wild, and no patches have been published yet. Live555 is widely used in streaming media applications and devices, including IP cameras, media servers, and embedded systems, making this vulnerability relevant for organizations relying on these technologies.

For European organizations, the primary impact is service disruption due to the Denial of Service caused by the vulnerability. Organizations providing streaming media services, particularly those using Live555 for ADTS audio streaming, may experience outages or degraded service availability. This can affect broadcasters, media content providers, and enterprises using video conferencing or surveillance systems that incorporate Live555. While confidentiality and integrity are not directly impacted, the availability loss can lead to operational downtime, customer dissatisfaction, and potential financial losses. Critical infrastructure relying on streaming media for monitoring or communication could also be affected, increasing operational risk. Since exploitation requires user interaction (processing a malicious ADTS file), the risk is somewhat mitigated but still significant in environments where untrusted media files are processed. The lack of patches means organizations must rely on interim mitigations until a fix is available.

1. Monitor streaming media servers and applications for crashes or abnormal restarts that could indicate exploitation attempts. 2. Restrict or validate input sources to the Live555 component, especially filtering or sandboxing ADTS audio files from untrusted or external sources. 3. Implement network-level protections such as firewalls or intrusion detection systems to detect and block suspicious traffic targeting streaming media services. 4. Isolate streaming media infrastructure from critical systems to contain potential DoS impacts. 5. Engage with vendors or maintainers of Live555 to obtain patches or updates as soon as they become available. 6. Consider deploying application-layer protections or wrappers that validate media file integrity before processing. 7. Educate operational staff about the vulnerability and signs of exploitation to enable rapid response. 8. Where possible, update to newer versions of Live555 that may have addressed this or similar issues.