CVE-2025-2759

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability

Published: 5/22/2025 Last updated: 5/22/2025 Reserved: 3/24/2025

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448.

CNA assigner: zdi (99f1926a-a320-47d8-bbb5-42feb611262e) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	7	High	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (2)

conf-gstreamer gstreamer

Products affected (1)

Product	Vendor	Version
GStreamer	GStreamer	<= 15.2

References (1)

https://www.zerodayinitiative.com/advisories/ZDI-25-268/