Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-98mt-7srw-qfh4
Vulnerability ID VCID-98mt-7srw-qfh4
Aliases CVE-2025-5283
Summary A vulnerability has been discovered in libvpx, which could lead to execution of arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-415 Double Free
CWE-416 Use After Free
System Score Found at
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5283.json
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2025-5283
cvssv3.1 5.4 https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html
ssvc Track https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html
cvssv3.1 5.4 https://issues.chromium.org/issues/419467315
ssvc Track https://issues.chromium.org/issues/419467315
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2025-42
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2025-43
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2025-44
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2025-45
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2025-46
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5283.json
https://api.first.org/data/v1/epss?cve=CVE-2025-5283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5283
1106689 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106689
2368749 https://bugzilla.redhat.com/show_bug.cgi?id=2368749
419467315 https://issues.chromium.org/issues/419467315
GLSA-202509-07 https://security.gentoo.org/glsa/202509-07
mfsa2025-42 https://www.mozilla.org/en-US/security/advisories/mfsa2025-42
mfsa2025-43 https://www.mozilla.org/en-US/security/advisories/mfsa2025-43
mfsa2025-44 https://www.mozilla.org/en-US/security/advisories/mfsa2025-44
mfsa2025-45 https://www.mozilla.org/en-US/security/advisories/mfsa2025-45
mfsa2025-46 https://www.mozilla.org/en-US/security/advisories/mfsa2025-46
RHSA-2025:8293 https://access.redhat.com/errata/RHSA-2025:8293
RHSA-2025:8308 https://access.redhat.com/errata/RHSA-2025:8308
RHSA-2025:8341 https://access.redhat.com/errata/RHSA-2025:8341
RHSA-2025:8598 https://access.redhat.com/errata/RHSA-2025:8598
RHSA-2025:8599 https://access.redhat.com/errata/RHSA-2025:8599
RHSA-2025:8607 https://access.redhat.com/errata/RHSA-2025:8607
RHSA-2025:8608 https://access.redhat.com/errata/RHSA-2025:8608
RHSA-2025:8628 https://access.redhat.com/errata/RHSA-2025:8628
RHSA-2025:8629 https://access.redhat.com/errata/RHSA-2025:8629
RHSA-2025:8630 https://access.redhat.com/errata/RHSA-2025:8630
RHSA-2025:8631 https://access.redhat.com/errata/RHSA-2025:8631
RHSA-2025:8642 https://access.redhat.com/errata/RHSA-2025:8642
RHSA-2025:8756 https://access.redhat.com/errata/RHSA-2025:8756
RHSA-2025:9071 https://access.redhat.com/errata/RHSA-2025:9071
RHSA-2025:9072 https://access.redhat.com/errata/RHSA-2025:9072
RHSA-2025:9073 https://access.redhat.com/errata/RHSA-2025:9073
RHSA-2025:9074 https://access.redhat.com/errata/RHSA-2025:9074
RHSA-2025:9075 https://access.redhat.com/errata/RHSA-2025:9075
RHSA-2025:9076 https://access.redhat.com/errata/RHSA-2025:9076
RHSA-2025:9077 https://access.redhat.com/errata/RHSA-2025:9077
RHSA-2025:9118 https://access.redhat.com/errata/RHSA-2025:9118
RHSA-2025:9119 https://access.redhat.com/errata/RHSA-2025:9119
RHSA-2025:9120 https://access.redhat.com/errata/RHSA-2025:9120
RHSA-2025:9122 https://access.redhat.com/errata/RHSA-2025:9122
RHSA-2025:9123 https://access.redhat.com/errata/RHSA-2025:9123
RHSA-2025:9124 https://access.redhat.com/errata/RHSA-2025:9124
RHSA-2025:9125 https://access.redhat.com/errata/RHSA-2025:9125
RHSA-2025:9126 https://access.redhat.com/errata/RHSA-2025:9126
RHSA-2025:9127 https://access.redhat.com/errata/RHSA-2025:9127
RHSA-2025:9128 https://access.redhat.com/errata/RHSA-2025:9128
RHSA-2025:9155 https://access.redhat.com/errata/RHSA-2025:9155
RHSA-2025:9331 https://access.redhat.com/errata/RHSA-2025:9331
stable-channel-update-for-desktop_27.html https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html
USN-7551-1 https://usn.ubuntu.com/7551-1/
USN-7991-1 https://usn.ubuntu.com/7991-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5283.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:25:59Z/ Found at https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://issues.chromium.org/issues/419467315
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:25:59Z/ Found at https://issues.chromium.org/issues/419467315
Exploit Prediction Scoring System (EPSS)
Percentile 0.50681
EPSS Score 0.00273
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:10:05.743101+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202509-07 38.0.0