## https://sploitus.com/exploit?id=F1C5445F-3902-5998-91F3-0DFEBFEF1A1E
# CVE-2025-60458
**UxPlay 1.72 RTSP TEARDOWN Double Free Vulnerability**
## Description
UxPlay version 1.72 contains a double free vulnerability in its RTSP request handling logic. A remote attacker can trigger multiple calls to `free()` on the same heap memory object by sending a specially crafted RTSP TEARDOWN request.
This flaw results from improper memory lifecycle management during RTSP session cleanup. When exploited, the vulnerability can cause heap corruption, leading to a denial of service (application crash). The issue may also allow arbitrary code execution.
## Vulnerability Type
- **Double Free**
## Affected Product
- **UxPlay version 1.72**
## Affected Component
- **RTSP request handling / session teardown logic**
## Attack Vector
- **Remote**
- **Exploitable via a crafted RTSP request over the network**
## Impact
- **Denial Of Service**
- **Code Execution**
- **Information Discolsure**
## Severity
- **CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H**
- **Base Score: 8.6 (High)**
## Discoverer
- **Jbr Alotaibi**