Cyber Resilience

CVE-2025-29909

High · Public PoC

Published: 17 March 2025

Modified: 30 April 2025
CVSS v4 Score: 8.9
CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.1595 (94.9th percentile)
Risk Priority: 27 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-29909 is a high-severity Integer Underflow (Wrap or Wraparound) (CWE-191) vulnerability in NASA CryptoLib. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 5.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CryptoLib is a software library implementing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to protect communications between a spacecraft running NASA's core Flight System (cFS) and a ground station. Versions 1.3.3 and earlier contain a heap buffer overflow in the Crypto_TC_ApplySecurity() function, triggered by integer issues (CWE-191) that lead to out-of-bounds writes (CWE-787) when processing incoming Telecommand (TC) frames.

An unauthenticated attacker able to inject crafted TC frames into the processing path can trigger denial of service or, under favorable memory conditions, remote code execution. The flaw affects any ground station, mission control software, or other application that uses CryptoLib for TC handling without performing strict frame validation before calling the vulnerable function.

The project has published a fix in commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc, referenced in GitHub Security Advisory GHSA-q2pc-c3jx-3852. Operators are advised to apply the patch and ensure incoming TC frames are validated prior to security processing. The EPSS score has remained in the 0.16–0.20 range with no pronounced post-disclosure climb.

Vulnerability details

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a heap buffer overflow vulnerability in CryptoLib's `Crypto_TC_ApplySecurity()` allows an attacker to craft a malicious TC frame that causes out-of-bounds memory writes. This can result in denial of service (DoS) or, under certain conditions, remote code execution (RCE). Any application or system that relies on CryptoLib for Telecommand (TC) processing and does not strictly validate incoming TC frames is at risk. This includes satellite ground stations or mission control software where attackers can inject malformed frames. A patch is available at commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes a remotely exploitable (AV:N, unauthenticated) heap buffer overflow in CryptoLib's TC frame processing function leading to RCE or DoS in ground station/mission control software, directly enabling exploitation of public-facing or network-accessible applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-29912 (same product: NASA CryptoLib)
CVE-2026-21897 (same product: NASA CryptoLib)
CVE-2025-30216 (same product: NASA CryptoLib)
CVE-2026-22697 (same product: NASA CryptoLib)
CVE-2025-29911 (same product: NASA CryptoLib)
CVE-2025-29913 (same product: NASA CryptoLib)
CVE-2025-54878 (same product: NASA CryptoLib)
CVE-2026-22023 (same product: NASA CryptoLib)
CVE-2025-29910 (same product: NASA CryptoLib)
CVE-2026-21898 (same product: NASA CryptoLib)

Affected Assets

Vendor: nasa · Product: cryptolib · Version: ≤ 1.4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the heap buffer overflow by applying the available patch in CryptoLib commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc.

prevent

Information input validation enforces strict checking of incoming TC frames to prevent malformed inputs from triggering the out-of-bounds memory writes in Crypto_TC_ApplySecurity().

prevent

Memory protection mechanisms such as ASLR and non-executable heap mitigate exploitation of the heap buffer overflow for remote code execution or denial of service.
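
The input-validation control above can be sketched as a pre-check that a caller runs before handing a TC frame to the security-processing function. This is an added example, not CryptoLib code and not the project's patch; the function name `tc_frame_precheck` and the `overhead` parameter are hypothetical, and the header layout assumed is the 5-octet CCSDS TC primary header with a 10-bit frame length field storing the total octet count minus one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TC_PRI_HDR_LEN 5u /* CCSDS TC primary header size in octets */

enum tc_check { TC_OK = 0, TC_ERR_SHORT = -1, TC_ERR_LEN_MISMATCH = -2, TC_ERR_OVERHEAD = -3 };

/* Hypothetical pre-check, not a CryptoLib API. `overhead` is the number of
 * octets after the primary header that the caller's configuration treats as
 * non-payload (segment header, FECF, ...); its value is an assumption. */
int tc_frame_precheck(const uint8_t *buf, size_t buf_len, size_t overhead,
                      size_t *payload_len)
{
    if (buf == NULL || payload_len == NULL || buf_len < TC_PRI_HDR_LEN)
        return TC_ERR_SHORT;

    /* Frame length field: low 2 bits of octet 2 plus octet 3, stored as
     * (total octets - 1), so the declared total is field + 1. */
    size_t declared = ((((size_t)buf[2] & 0x03u) << 8) | (size_t)buf[3]) + 1u;

    /* The sender controls the field; it must match what was received. */
    if (declared != buf_len)
        return TC_ERR_LEN_MISMATCH;

    /* Compare before subtracting. With unsigned types, an unchecked
     * declared - header - overhead wraps to a huge value (CWE-191) that
     * can later size an out-of-bounds copy (CWE-787). */
    if (overhead > declared - TC_PRI_HDR_LEN)
        return TC_ERR_OVERHEAD;

    *payload_len = declared - TC_PRI_HDR_LEN - overhead;
    return TC_OK;
}

int main(void)
{
    /* Constructed sample: a 5-octet frame whose length field says 5 octets,
     * checked against a configuration expecting 2 octets of overhead. */
    const uint8_t frame[5] = {0x20, 0x03, 0x00, 0x04, 0x00};
    size_t n = 0;
    printf("precheck -> %d\n", tc_frame_precheck(frame, sizeof frame, 2, &n));
    return 0;
}
```

A frame that fails the pre-check is dropped and logged rather than passed on, which also gives operations staff a signal that malformed TC frames are reaching the processing path.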
