Cyber Posture

CVE-2025-29365

Critical · Public PoC

Published: 22 August 2025
Modified: 01 October 2025
KEV Added: (none)
Patch: (none listed)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (32.4th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-29365 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Spimsimulator Spim. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Requires timely identification, reporting, and correction of the buffer overflow flaw in spimsimulator's READ_STRING_SYSCALL, directly preventing exploitation via patching.

Prevent (SI-16, Memory Protection): Implements memory protections such as address space layout randomization and data execution prevention to block arbitrary code execution from the buffer overflow vulnerability.

Prevent (SI-10, Information Input Validation): Mandates validation of information inputs to the READ_STRING_SYSCALL function, addressing CWE-120, CWE-125, CWE-274, and CWE-787 by checking string sizes before buffer operations.
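To make the SI-10 control concrete, the following is an added illustration written for this page; it is not spim's code and does not reproduce the real READ_STRING_SYSCALL. It models a simulator's guest memory as a flat byte array (an assumption) and shows the two checks a read-string syscall handler needs before copying host input into guest memory: that the guest-supplied address range lies inside simulated memory without integer wraparound, and that the caller's length limit is honored with fgets-like truncation and NUL termination. The function and constant names (guest_mem, read_string_bounded, SAMPLE_INPUT) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a simulator's guest memory: a flat byte array
   addressed from 0. This is an assumption for the example, not spim's
   actual memory layout or data structures. */
#define GUEST_MEM_SIZE 4096u
static unsigned char guest_mem[GUEST_MEM_SIZE];

/* Status codes returned by the bounded read when the request is rejected. */
enum read_status { READ_BAD_RANGE = -1, READ_ZERO_LEN = -2 };

/* Constructed host-side input standing in for what the user typed. */
static const char SAMPLE_INPUT[] = "hello world\nsecond line";
#define SAMPLE_INPUT_LEN (sizeof(SAMPLE_INPUT) - 1)

/* Validate that [addr, addr + len) lies inside guest memory.
   The comparison is written as len > SIZE - addr so that a huge len
   cannot wrap addr + len back into range (CWE-274 style failure). */
static int guest_range_ok(uint32_t addr, uint32_t len) {
    if (len == 0) return 0;
    if (addr >= GUEST_MEM_SIZE) return 0;
    if (len > GUEST_MEM_SIZE - addr) return 0;
    return 1;
}

/* Emulated read-string syscall with fgets-like semantics: copy at most
   len - 1 bytes of host input into guest memory at addr, stop after a
   newline, and always NUL-terminate. Returns the number of bytes stored
   (excluding the NUL) or a negative read_status; on rejection guest
   memory is left untouched. */
int read_string_bounded(uint32_t addr, uint32_t len,
                        const char *host_input, size_t host_len) {
    if (len == 0) return READ_ZERO_LEN;
    if (!guest_range_ok(addr, len)) return READ_BAD_RANGE;

    size_t limit = (size_t)len - 1;   /* reserve one byte for the NUL */
    size_t n = 0;
    while (n < limit && n < host_len) {
        unsigned char c = (unsigned char)host_input[n];
        guest_mem[addr + n] = c;
        n++;
        if (c == '\n') break;         /* newline is stored, then stop */
    }
    guest_mem[addr + n] = '\0';       /* always inside the validated range */
    return (int)n;
}

/* Accessor so callers can inspect what landed in guest memory. */
int guest_byte(uint32_t addr) {
    return addr < GUEST_MEM_SIZE ? guest_mem[addr] : -1;
}

int main(void) {
    /* A well-formed request: a 64-byte guest buffer at address 100. */
    int n = read_string_bounded(100, 64, SAMPLE_INPUT, SAMPLE_INPUT_LEN);
    printf("stored %d bytes at 100\n", n);

    /* A request whose length would wrap past the end of guest memory. */
    n = read_string_bounded(10, 0xFFFFFFFFu, SAMPLE_INPUT, SAMPLE_INPUT_LEN);
    printf("wraparound request status: %d\n", n);
    return 0;
}
```

The first call copies "hello world\n" (12 bytes) and NUL-terminates at offset 112; the second is rejected before any byte is written, because 10 + 0xFFFFFFFF would wrap to a small value under 32-bit arithmetic and a naive `addr + len <= size` check would let it through.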

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated buffer overflow enabling arbitrary code execution maps directly to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.

Deeper analysis

CVE-2025-29365 is a buffer overflow vulnerability in the READ_STRING_SYSCALL function of spimsimulator spim versions v9.1.24 and earlier. Published on 2025-08-22, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-120 (Buffer Copy without Checking Size of Input), CWE-125 (Out-of-bounds Read), CWE-274 (Improper Handling of Insufficient Buffer Space), and CWE-787 (Out-of-bounds Write).

The vulnerability enables exploitation by a remote, unauthenticated attacker with no privileges required and no user interaction needed. Attackers can trigger the buffer overflow over the network with low complexity, potentially achieving high impacts on confidentiality, integrity, and availability, such as arbitrary code execution or system compromise.

Advisories and additional details are available in referenced resources, including a GitHub Gist at https://gist.github.com/Giles-one/3a80cd1c7014e50601bd1c0dd9d41663 and a GitHub repository README at https://github.com/Giles-one/spimsimulatorEscape?tab=readme-ov-file#bug1-out-of-bounds-write-in-read_input-function, which describes the issue as an out-of-bounds write in the read_input function. No specific patches or mitigations are detailed in the provided information.

Details

CWE(s): CWE-120, CWE-125, CWE-274, CWE-787

Affected Products

spimsimulator spim, versions ≤ 9.1.24

CVEs Like This One

CVE-2025-55599 (shared: CWE-120, CWE-787)
CVE-2024-57578 (shared: CWE-120, CWE-787)
CVE-2025-52221 (shared: CWE-120, CWE-787)
CVE-2024-57703 (shared: CWE-120, CWE-787)
CVE-2025-25664 (shared: CWE-120, CWE-787)
CVE-2025-25663 (shared: CWE-120, CWE-787)
CVE-2025-55611 (shared: CWE-120, CWE-787)
CVE-2025-55602 (shared: CWE-120, CWE-787)
CVE-2026-24793 (shared: CWE-120, CWE-787)
CVE-2026-26284 (shared: CWE-125, CWE-787)
