Vulners
Lucene search
Linux Distros Unpatched Vulnerability : CVE-2025-69693
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | CVE-2025-69693 | 16 Mar 202600:00 | – | alpinelinux |
 | ffmpeg 安全漏洞 | 16 Mar 202600:00 | – | cnnvd |
 | CVE-2025-69693 | 16 Mar 202600:00 | – | cve |
 | CVE-2025-69693 | 16 Mar 202600:00 | – | cvelist |
 | CVE-2025-69693 | 16 Mar 202600:00 | – | debiancve |
 | EUVD-2025-208761 | 16 Mar 202621:34 | – | euvd |
 | CVE-2025-69693 | 16 Mar 202620:16 | – | nvd |
 | CGA-58W2-XF63-4G3W | 30 Mar 202620:18 | – | osv |
| DEBIAN-CVE-2025-69693 | 16 Mar 202620:16 | – | osv |
| UBUNTU-CVE-2025-69693 | 16 Mar 202620:16 | – | osv |
10
| Source | Link |
|---|---|
| ubuntu | www.ubuntu.com/security/CVE-2025-69693 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(302758);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/29");
script_cve_id("CVE-2025-69693");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-69693");
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization
parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound
validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 from
read_qp_offset) while the rv60_qp_to_idx array has size 64 (valid indices 0-63). This results in out-of-
bounds array access at lines 1554 (decode_cbp8), 1655 (decode_cbp16), and 1419/1421 (get_c4x4_set),
potentially leading to memory disclosure or crash. A previous fix in commit 61cbcaf93f added validation
only for intra frames. This vulnerability affects the released versions 8.0 (released 2025-08-22) and
8.0.1 (released 2025-11-20) and is fixed in git master commit 8abeb879df which will be included in FFmpeg
8.1. (CVE-2025-69693)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2025-69693");
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-69693");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/12/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ffmpeg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libav");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
script_require_ports("Host/OS/Ubuntu Linux-14.04", "Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.10");
exit(0);
}
if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);
include('linux_unpatched.inc');
var distro_constraints_array = {
"Ubuntu Linux-14.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "14.04",
"pkgs": [
{"reference": "libav"}
]
}
]
},
"Ubuntu Linux-16.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "16.04",
"pkgs": [
{"reference": "ffmpeg"}
]
}
]
},
"Ubuntu Linux-18.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "18.04",
"pkgs": [
{"reference": "ffmpeg"}
]
}
]
},
"Ubuntu Linux-20.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "20.04",
"pkgs": [
{"reference": "ffmpeg"}
]
}
]
},
"Ubuntu Linux-22.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "22.04",
"pkgs": [
{"reference": "ffmpeg"}
]
}
]
},
"Ubuntu Linux-24.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "24.04",
"pkgs": [
{"reference": "ffmpeg"}
]
}
]
},
"Ubuntu Linux-25.10": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "25.10",
"pkgs": [
{"reference": "ffmpeg"}
]
}
]
}
};
var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);
if (!empty_or_null(report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : report
);
exit(0);
}
else
{
audit(AUDIT_HOST_NOT, 'affected');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 Mar 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.4
EPSS0.00018
SSVC