PT-2025-54491 · Unknown+1 · Fluidsynth+1

Published: 2025-01-01 · Updated: 2026-02-27 · CVE-2025-56225

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

fluidsynth versions 2.4.6 and earlier

Description

The software contains a flaw that can lead to a denial-of-service condition or potentially allow for remote code execution. This issue stems from a null pointer dereference in the fluid_synth_monopoly.c file, which is triggered when processing invalid MIDI files. The issue is present in fluidsynth versions 2.4.6 and earlier.

Recommendations

Versions prior to 2.4.6 are affected.

Exploit · Fix · DoS · RCE · NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2026-03010
CVE-2025-56225
OESA-2026-1065
OESA-2026-1066
OESA-2026-1067
OESA-2026-1068
OESA-2026-1069
OESA-2026-1070
OPENSUSE-SU-2026:10038-1
OPENSUSE-SU-2026:20291-1

Affected Products

Debian
Fluidsynth