QwikSec

Security Database

CVE

CWE

Training

CVE-2025-14569

Published: Dec 12, 2025

Modified: Dec 12, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Vendor	Product	Versions
ggml-org	whisper.cpp	affected `1.8.0` affected `1.8.1` affected `1.8.2`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-336193 | ggml-org whisper.cpp common-whisper.cpp read_audio_data use after free

vdb-entry

technical-description

VDB-336193 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #703886 | ggerganov whisper.cpp v1.8.2 Free of Memory not on the Heap

third-party-advisory

https://github.com/ggml-org/whisper.cpp/issues/3501

issue-tracking

https://github.com/oneafter/InvalidFree/blob/main/repro

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.