PatchSiren cyber security CVE debrief
CVE-2025-55651 GPAC CVE debrief
CVE-2025-55651 is a medium-severity vulnerability in GPAC MP4Box v2.4. A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. The vulnerability has a CVSS score of 5.5 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2025-55651).
- Vendor
- GPAC
- Product
- MP4Box
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-12
Who should care
Users of GPAC MP4Box v2.4 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by a NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4. This can be exploited by supplying a crafted MP4 file, leading to a Denial of Service (DoS).
Defensive priority
medium
Recommended defensive actions
- Update to a patched version of GPAC MP4Box if available.
- Be cautious when handling MP4 files from untrusted sources.
Evidence notes
The vulnerability is confirmed by the CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2025-55651) and the NVD detail [nvd](https://nvd.nist.gov/vuln/detail/CVE-2025-55651).
Official resources
-
CVE-2025-55651 CVE record
CVE.org
-
CVE-2025-55651 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Mitigation, Third Party Advisory
-
Source reference
134c704f-9b21-4f2e-91b3-4a467353bcc0 - Exploit
CVE-2025-55651 was published on 2026-06-09T19:17:31.290Z and modified on 2026-06-12T16:39:59.680Z.