PT-2025-50961 · Ggml Org · Whisper.Cpp
Oneafter +1 · Published 2025-12-12 · Updated 2025-12-13 · CVE-2025-14569
CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
whisper.cpp versions up to 1.8.2
Description
A flaw exists in ggml-org whisper.cpp, specifically within the read_audio_data function located in the /whisper.cpp/examples/common-whisper.cpp file. This issue leads to a use-after-free condition. Local access is required for exploitation. The details of the exploit are publicly available. The project maintainers were notified of the issue but have not yet responded.
Recommendations
Versions prior to 1.8.2 should be updated. As a temporary workaround, consider restricting access to the /whisper.cpp/examples/common-whisper.cpp file to minimize the risk of exploitation.
Exploit
Fix
Use After Free
Buffer Overflow
Affected Products
Whisper.Cpp