AI Threat Alert AI Threat Alert

CVE-2025-12343: ffmpeg: security flaw enables exploitation

MEDIUM
Published February 18, 2026
CISO Take

CVE-2025-12343 is a medium-severity DoS vulnerability in FFmpeg's TensorFlow DNN backend affecting AI/ML media processing pipelines. The local attack vector and required user interaction significantly limit real-world exploitability, but automated media ingestion pipelines effectively eliminate the 'user interaction' barrier. Patch FFmpeg in any environment using TensorFlow-based DNN inference for video/audio processing, and validate that untrusted media files cannot reach FFmpeg's DNN backend directly.

Risk Assessment

Risk is LOW-MEDIUM in practice. CVSS 5.5 reflects the local attack vector (AV:L) and required user interaction (UI:R), which together constrain exploitability. No privilege escalation or code execution is possible — impact is pure availability (A:H). However, in automated AI/ML media processing pipelines (e.g., video content analysis, computer vision preprocessing), the 'user interaction' constraint is functionally irrelevant as the pipeline processes files autonomously. Exposure increases significantly in architectures where untrusted media files feed directly into FFmpeg-based DNN inference. Not in CISA KEV; no active exploitation reported.

Affected Systems

Package Ecosystem Vulnerable Range Patched
ffmpeg No patch

Do you use ffmpeg? You're affected.

Severity & Risk

CVSS 3.1
5.5 / 10
EPSS
0.0%
chance of exploitation in 30 days
Higher than 0% of all CVEs
Source: EPSS v3 — FIRST.org
Exploitation Status
No known exploitation
Sophistication
Trivial

Attack Surface

AV AC PR UI S C I A
AV Local
AC Low
PR None
UI Required
S Unchanged
C None
I None
A High

Recommended Action

6 steps

  1. Inventory FFmpeg versions across AI/ML infrastructure, particularly in media preprocessing and computer vision pipelines.

  2. Apply available vendor patches from RedHat (CVE-2025-12343 advisory); monitor upstream FFmpeg for official patch version.

  3. If patching is not immediately possible, disable FFmpeg's TensorFlow DNN backend (dnn_backend_tf) in non-essential workloads.

  4. Implement input validation and sandboxing for media files processed through FFmpeg — run FFmpeg in isolated containers with resource limits to contain crash impact.

  5. Add crash monitoring and alerting on FFmpeg processes in AI/ML pipelines (unexpected exits, OOM signals).

  6. In automated pipelines, enforce file-type and content validation upstream before DNN processing.

CISA SSVC Assessment

Decision Track
Exploitation none
Automatable No
Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Code Execution Auth Bypass DoS Framework RAG Model AML.T0010.001 AML.T0011 AML.T0011.000 AML.T0029 AML.T0049

Compliance Impact

This CVE is relevant to:

EU AI Act
Art. 9 - Risk Management System Art.15 - Accuracy, robustness and cybersecurity of high-risk AI systems
ISO 42001
A.6.2.6 - AI System Availability and Resilience A.9.3 - AI system performance and robustness
NIST AI RMF
GOVERN 6.1 - Third-party AI risks are managed MANAGE 2.4 - Residual risks are addressed and treated RMF-MANAGE-2.4 - Residual risks and system reliability RMF-MAP-5.1 - Likelihood and magnitude of impacts from AI risks
OWASP LLM Top 10
LLM05:2025 - Insecure Plugin Design / Supply Chain Vulnerabilities

Frequently Asked Questions

What is CVE-2025-12343?

CVE-2025-12343 is a medium-severity DoS vulnerability in FFmpeg's TensorFlow DNN backend affecting AI/ML media processing pipelines. The local attack vector and required user interaction significantly limit real-world exploitability, but automated media ingestion pipelines effectively eliminate the 'user interaction' barrier. Patch FFmpeg in any environment using TensorFlow-based DNN inference for video/audio processing, and validate that untrusted media files cannot reach FFmpeg's DNN backend directly.

Is CVE-2025-12343 actively exploited?

No confirmed active exploitation of CVE-2025-12343 has been reported, but organizations should still patch proactively.

How to fix CVE-2025-12343?

1. Inventory FFmpeg versions across AI/ML infrastructure, particularly in media preprocessing and computer vision pipelines. 2. Apply available vendor patches from RedHat (CVE-2025-12343 advisory); monitor upstream FFmpeg for official patch version. 3. If patching is not immediately possible, disable FFmpeg's TensorFlow DNN backend (dnn_backend_tf) in non-essential workloads. 4. Implement input validation and sandboxing for media files processed through FFmpeg — run FFmpeg in isolated containers with resource limits to contain crash impact. 5. Add crash monitoring and alerting on FFmpeg processes in AI/ML pipelines (unexpected exits, OOM signals). 6. In automated pipelines, enforce file-type and content validation upstream before DNN processing.

What systems are affected by CVE-2025-12343?

This vulnerability affects the following AI/ML architecture patterns: media processing pipelines, computer vision preprocessing, training data pipelines, model serving with FFmpeg integration, multimodal AI ingestion pipelines, video content moderation systems.

What is the CVSS score for CVE-2025-12343?

CVE-2025-12343 has a CVSS v3.1 base score of 5.5 (MEDIUM). The EPSS exploitation probability is 0.00%.

Technical Details

NVD Description

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.

Exploitation Scenario

An adversary targeting an AI-powered media analysis service (e.g., automated video moderation, content classification) uploads a specially crafted media file designed to trigger error-handling paths in FFmpeg's TensorFlow DNN backend. When the pipeline calls dnn_execute_model_tf() to run inference on the file, the double-free is triggered, crashing the FFmpeg worker process. In a poorly isolated architecture, this crash propagates to the inference service, causing repeated DoS against the AI pipeline. An adversary can automate this by bulk-uploading malicious files, causing sustained service disruption with minimal effort and no elevated privileges.

Weaknesses (CWE)

CWE-415

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Timeline

Published
February 18, 2026
Last Modified
February 26, 2026
First Seen
February 18, 2026

Related Vulnerabilities

CRITICAL CVE-2025-5120 10.0

smolagents: sandbox escape enables unauthenticated RCE

Same attack type: Code Execution
CRITICAL CVE-2025-59528 10.0

Flowise: Unauthenticated RCE via MCP config injection

Same attack type: Code Execution
CRITICAL CVE-2025-2828 10.0

LangChain RequestsToolkit: SSRF exposes cloud metadata

Same attack type: Auth Bypass
CRITICAL CVE-2025-53767 10.0

Azure OpenAI: SSRF EoP, no auth required (CVSS 10)

Same attack type: Auth Bypass
CRITICAL CVE-2024-2912 10.0

BentoML: RCE via insecure deserialization (CVSS 10)

Same attack type: Code Execution
Back to Threat Feed