PatchSiren cyber security CVE debrief
CVE-2025-47219 Cert Portal CVE debrief
CVE-2025-47219 is a memory-safety issue described in the source corpus as a heap buffer read past the end while GStreamer’s isomp4 plugin parses an MP4 file. The advisory metadata also maps it to Siemens SIMATIC CN 4100 with low confidence, so product applicability should be confirmed before acting on the remediation.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Security teams and operators that process external MP4 content with GStreamer, and Siemens SIMATIC CN 4100 owners if the CISA/Siemens product mapping applies. ICS defenders should review it because the source advisory was published through CISA.
Technical summary
The source description says GStreamer through 1.26.1 may read past the end of a heap buffer in qtdemux_parse_trak while parsing an MP4 file, which can lead to information disclosure. CISA assigns CVSS 3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (8.1): a high-severity rating despite the High attack-complexity component. The supplied corpus also contains a product mapping to Siemens SIMATIC CN 4100 vers:intdot/<5.0, but that mapping is marked low confidence and needs review.
Defensive priority
High — prioritize validation of exposure, especially any service that parses externally supplied MP4 files, and confirm the affected product mapping before scheduling remediation.
Recommended defensive actions
- Confirm whether your environment actually uses the affected GStreamer isomp4/qtdemux code path or the Siemens SIMATIC CN 4100 product mapping in the advisory.
- Apply the vendor remediation listed in the advisory: update to V5.0 or later for the affected Siemens product set, if applicable.
- Reduce exposure for untrusted media ingestion paths and review where MP4 files are accepted from external or semi-trusted sources.
- Use CISA ICS recommended practices and defense-in-depth guidance for systems in scope of the advisory.
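One way to carry out the first action above, checking whether a host's GStreamer build falls inside the stated affected range and registers the isomp4 plugin's qtdemux element, as an added Python example that is not part of the advisory or of GStreamer. It assumes `gst-inspect-1.0` output in its usual `plugin:  element: description` form and ships with constructed sample output; the page names no fixed version, so newer builds are only reported as outside the stated range, not as patched.

```python
# Added example, not advisory or GStreamer code; it encodes only what the debrief states.
import re

AFFECTED_MAX = (1, 26, 1)  # "GStreamer through 1.26.1" per the CVE description

# Constructed sample output in the format gst-inspect-1.0 prints
# (`gst-inspect-1.0 --version` and the bare element listing).
SAMPLE_VERSION = "gst-inspect-1.0 version 1.24.3\nGStreamer 1.24.3\n"
SAMPLE_INSPECT = (
    "coreelements:  filesrc: File Source\n"
    "isomp4:  qtdemux: QuickTime demuxer\n"
    "isomp4:  mp4mux: MP4 Muxer\n"
)

def parse_version(text):
    """Int tuple from `gst-inspect-1.0 --version` output or a bare '1.24.3' string."""
    m = re.search(r"(?:version\s+|GStreamer\s+|^)(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.groups(default="0"))

def in_stated_range(version):
    """True for builds up to and including 1.26.1, the range the description names."""
    return version <= AFFECTED_MAX

def has_qtdemux(inspect_output):
    """True if the isomp4 plugin registers qtdemux in a gst-inspect-1.0 listing,
    whose lines look like 'plugin:  element: description'."""
    for line in inspect_output.splitlines():
        parts = [p.strip() for p in line.split(":", 2)]
        if len(parts) == 3 and parts[0] == "isomp4" and parts[1] == "qtdemux":
            return True
    return False

def triage(version_text, inspect_output):
    """Verdict for the debrief's first action: is the vulnerable code path present?"""
    version = parse_version(version_text)
    in_range, qtdemux = in_stated_range(version), has_qtdemux(inspect_output)
    if in_range and qtdemux:
        verdict = "review"  # old build with the MP4 demuxer registered: check ingestion paths
    elif in_range:
        verdict = "version-only"  # old build, but qtdemux is not registered
    else:
        verdict = "outside-stated-range"  # page names no fix version, so not reported as patched
    return {"version": version, "in_range": in_range, "qtdemux": qtdemux, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_INSPECT))
```

Feed real output from `gst-inspect-1.0 --version` and `gst-inspect-1.0` into `triage` in place of the samples when running on an actual host.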
Evidence notes
The supplied corpus is internally inconsistent: the vulnerability description is for GStreamer through 1.26.1, while the metadata/product fields point to Siemens SIMATIC CN 4100 vers:intdot/<5.0 with low confidence and a needs-review flag. The source item identifies CISA advisory ICSA-26-134-10, published 2026-05-12 and republished 2026-05-14 as an initial republication of Siemens ProductCERT SSA-032379. No KEV entry or ransomware-campaign attribution was provided in the corpus.
Official resources
- CVE-2025-47219 CVE record (CVE.org)
- CVE-2025-47219 NVD detail (NVD)
- Source item URL: cisa_csaf
CISA published the advisory on 2026-05-12 and republished it on 2026-05-14; the provided source metadata says this was the initial CISA republication of Siemens ProductCERT SSA-032379.