Posts

Showing posts with the label #CyberDudeBivash #CVE202525678 #StreamPro #DoS #MediaServer #HTTP2 #RateLimiting #CDN #WAF #DDoS #Observability #Resilience

CVE-2025-25678: A denial-of-service (DoS) vulnerability has been identified in the "StreamPro" media server software. An attacker could send a specially crafted request to cause the server to crash, leading to a service outage. The CVSS score for this vulnerability is 6.5 (Medium).

Verification Status (read first)

Your brief: “CVE-2025-25678 — DoS in ‘StreamPro’ media server; crafted request → crash/outage; CVSS 6.5.”

Public records today: The identifier CVE-2025-25678 is already assigned to a different product (Tenda i12) in NVD/CVE.org; no public entry links it to “StreamPro.” Treat this post as an early, class-based advisory for StreamPro until a vendor bulletin assigns a unique, non-colliding CVE.

Executive Snapshot

What it implies: A crafted request can crash StreamPro, causing service outage. Even as “Medium,” it’s operationally serious for streaming/CDN workloads.

Risk profile: CVSS 6.5 (Medium) — disruption, SLA hits, and potential cascading failures across load balancers and upstreams.

Why act now: Media servers are frequently targeted; HTTP/2-layer DoS (e.g., Rapid Reset) shows how protocol quirks cause big outages even without huge bandwidth. Build edge-to-origin controls now.

Do this today: ...