What is CVE-2025-34128?

CVE-2025-34128 is a vulnerability in X360soft X360 Videoplayer Activex Control, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2025-07-16.

Is CVE-2025-34128 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in X360soft X360 Videoplayer Activex Control

CVE-2025-34128

A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted i…

Vulnerability class: Buffer Overflow

EPSS: 0.704 (98.7th percentile) — read the EPSS interpretation.

Affected products

X360soft X360 Videoplayer Activex Control — versions 2.6

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
rh0dev.github.io/blog/2015/fun-with-info-leaks/ (third-party-advisory, technical-description)
www.exploit-db.com/exploits/35948 (exploit)
www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buff… (third-party-advisory)
www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflow (third-party-advisory)
www.exploit-db.com/exploits/36100 (exploit)

Frequently asked questions

What is CVE-2025-34128?: CVE-2025-34128 is a vulnerability in X360soft X360 Videoplayer Activex Control, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2025-07-16.
Is CVE-2025-34128 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.