Full Report
A vulnerability with a CVSS score of 7.8 (`AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`), discovered by 'Anonymous', was reported to the affected vendor on 2025-03-07, 2 days ago. The vendor is given until 2025-07-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
Analysis Summary
The provided text contains summaries for multiple distinct vulnerabilities (ZDI-CAN-26530 through ZDI-CAN-22536). As a vulnerability research specialist, I will summarize each separately, focusing on the most recent and high-impact ones first, while ensuring all required fields are addressed based *only* on the extraction provided (noting where information is missing).
Since the context primarily provides metadata (IDs, Scores, Vendors) without full technical details, exploitation narratives, or specific patch versions for all entries, I will populate the missing fields with placeholder text or logical deductions based on the CVSS vector when possible, and explicitly state when information is unavailable.
---
## Summaries of Recent Vulnerabilities
### Vulnerability 1: Samsung Critical RCE/Leak (ZDI-CAN-25874, ZDI-CAN-25955, etc.)
This section groups several high-severity Samsung vulnerabilities disclosed on the same day (2025-03-06).
# Vulnerability: Multiple Critical Remote Code Execution/Data Leakage in Samsung Products
## CVE Details
- **CVE ID:** No CVE IDs are provided; this cluster is tracked under multiple ZDI candidate IDs (e.g., ZDI-CAN-25874, ZDI-CAN-25955, ZDI-CAN-25873, ZDI-CAN-25772, ZDI-CAN-26058, ZDI-CAN-25804).
- **CVSS Score:** 9.8 (Critical) for several IDs (e.g., ZDI-CAN-25874, ZDI-CAN-25955). The underlying vector is `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`.
- **CWE:** Information not provided in the context.
## Affected Systems
- **Products:** Samsung (Various products implied by the multiple ZDI entries).
- **Versions:** Versions not specified in the context.
- **Configurations:** Not specified.
## Vulnerability Description
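Multiple flaws were discovered in Samsung products, with severe impact on Confidentiality, Integrity, and Availability. The 9.8 score and its vector indicate a network-reachable flaw that needs no privileges and no user interaction, which suggests unauthenticated remote code execution resulting in full system compromise. The bug class is not stated in the context; memory corruption or logic flaws in network-facing components are a deduction from the vector only.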
## Exploitation
- **Status:** Likely PoC available, as these are high-severity ZDI disclosures, but explicit confirmation is missing.
- **Complexity:** Low (`AC:L`).
- **Attack Vector:** Network (`AV:N`).
## Impact
- **Confidentiality:** High (`C:H`)
- **Integrity:** High (`I:H`)
- **Availability:** High (`A:H`)
## Remediation
### Patches
- Specific patch versions are not detailed in the provided context. Users should apply the latest firmware/software updates released by Samsung around or after the disclosure date (2025-03-06).
- **Action:** Check Samsung security advisories published on or around 2025-03-06.
### Workarounds
- Workarounds are not specified in the context.
## Detection
- Detection strategies require vendor advisories or specific forensic indicators related to the exploited component; none are provided here.
## References
- Vendor advisories: [https://www.samsung.com/](https://www.samsung.com/)
---
### Vulnerability 2: GStreamer Remote Code Execution (ZDI-CAN-26596)
# Vulnerability: GStreamer Media Processing Remote Code Execution
## CVE Details
- **CVE ID:** Missing (Only ZDI ID provided).
- **CVSS Score:** 8.8 (High). Vector: `AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`.
- **CWE:** Information not provided in the context.
## Affected Systems
- **Products:** GStreamer
- **Versions:** Versions not specified in the context.
- **Configurations:** Requires user interaction (`UI:R`).
## Vulnerability Description
A remote vulnerability in GStreamer (a multimedia framework) that can lead to high impact on Confidentiality, Integrity, and Availability after a user opens a malicious media file or stream. The bug class is not given in the context; a heap or stack-based buffer overflow within a parser component is likely, but this is a deduction only.
## Exploitation
- **Status:** PoC available (discovered by Michael Randrianantenaina).
- **Complexity:** Low (`AC:L`), but requires user interaction (`UI:R`).
- **Attack Vector:** Network (`AV:N`).
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
- Specific patch information is unavailable. Consult GStreamer project updates released after 2025-03-07.
- **Action:** Update GStreamer libraries to the patched version.
### Workarounds
- Workarounds are not specified in the context.
## Detection
- Detection would focus on anomalous media processing activity or file parsing errors related to GStreamer functions.
## References
- Relevant links: [https://gstreamer.freedesktop.org/](https://gstreamer.freedesktop.org/)
---
### Vulnerability 3: PDF-XChange RCE/Data Leakage (ZDI-CAN-26530, ZDI-CAN-26536, ZDI-CAN-26527)
This grouping includes several 7.8 severity issues in PDF-XChange.
# Vulnerability: PDF-XChange High Severity Information Disclosure/RCE
## CVE Details
- **CVE ID:** No CVE IDs are provided; multiple ZDI candidate IDs exist (e.g., ZDI-CAN-26530).
- **CVSS Score:** 7.8 (High). Vector: `AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`.
- **CWE:** Information not provided in the context.
## Affected Systems
- **Products:** PDF-XChange (Tracker Software)
- **Versions:** Versions not specified in the context.
- **Configurations:** Local attack vector (`AV:L`) with required user interaction (`UI:R`).
## Vulnerability Description
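Flaws in PDF-XChange with a local attack vector that require user interaction (e.g., opening a crafted PDF document) to trigger. Per the vector, the impact on Confidentiality, Integrity, and Availability is high. Under CVSS v3, `AV:L` combined with `UI:R` covers the case where the victim opens an attacker-supplied file on their own system.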
## Exploitation
- **Status:** PoC likely available.
- **Complexity:** Low (`AC:L`), but exploitation is constrained by the local attack vector and the need for user interaction.
- **Attack Vector:** Local (`AV:L`).
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
- Specific patch versions are not detailed. Users must check Tracker Software advisories released after 2025-03-07.
### Workarounds
- Workarounds are not specified in the context.
## Detection
- Host-based monitoring may reveal unusual file handling activity originating from the PDF-XChange process after a document is opened.
## References
- Vendor advisories: [https://www.tracker-software.com/](https://www.tracker-software.com/)