CVE-2025-2759 — Incorrect Permission Assignment in Gstreamer

CWE-732 — Incorrect Permission Assignment4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 88.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gstreamer Debian Gstreamer1.0

Timeline

PublishedMay 22

Latest updateMay 23

Description

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileg…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDgstreamer/gstreamer< 1.25.1

▶CVEListV5gstreamer/gstreamer1.24.8

▶debiandebian/gstreamer1.0

🔴Vulnerability Details

OSV

CVE-2025-2759: GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability↗2025-05-23

▶

GHSA

GHSA-83gq-j832-3543: GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability↗2025-05-22

▶

📋Vendor Advisories

Debian

CVE-2025-2759: gstreamer1.0 - GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerabili...↗2025

▶