CVE-2025-29909
Published: 17 March 2025
Summary
CVE-2025-29909 is a critical-severity Integer Underflow (Wrap or Wraparound) (CWE-191) vulnerability in NASA CryptoLib. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Flaw remediation directly addresses the heap buffer overflow by applying the available patch in CryptoLib commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc.
Information input validation enforces strict checking of incoming TC frames to prevent malformed inputs from triggering the out-of-bounds memory writes in Crypto_TC_ApplySecurity().
Memory protection mechanisms such as ASLR and non-executable heap mitigate exploitation of the heap buffer overflow for remote code execution or denial of service.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remotely exploitable (AV:N, unauthenticated) heap buffer overflow in CryptoLib's TC frame processing function leading to RCE or DoS in ground station/mission control software, directly enabling exploitation of public-facing or network-accessible applications.
NVD Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a heap buffer overflow vulnerability in CryptoLib's `Crypto_TC_ApplySecurity()` allows an attacker to craft a malicious TC frame that causes out-of-bounds memory writes. This can result in denial of service (DoS) or, under certain conditions, remote code execution (RCE). Any application or system that relies on CryptoLib for Telecommand (TC) processing and does not strictly validate incoming TC frames is at risk. This includes satellite ground stations or mission control software where attackers can inject malformed frames. A patch is available at commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc.
Deeper analysis
CVE-2025-29909 is a heap buffer overflow vulnerability (CWE-191, CWE-787) affecting CryptoLib versions 1.3.3 and prior. CryptoLib is a software-only library that implements the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between spacecraft running NASA's core Flight System (cFS) and ground stations. The issue resides in the `Crypto_TC_ApplySecurity()` function, where processing a specially crafted Telecommand (TC) frame triggers out-of-bounds memory writes.
The vulnerability is exploitable over the network by unauthenticated attackers with low complexity, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Any application or system relying on CryptoLib for TC processing without strict validation of incoming frames is vulnerable, including satellite ground stations and mission control software. Successful exploitation can cause denial of service (DoS) through crashes or, under certain conditions, remote code execution (RCE) via controlled memory corruption.
Mitigation is available via a patch in CryptoLib commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc. Security advisories, including GHSA-q2pc-c3jx-3852 on the NASA CryptoLib GitHub repository, provide further details on the fix and affected configurations. Practitioners should update to the patched version and implement input validation for TC frames.
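As an added example (not CryptoLib's code and not the patched code), this C snippet shows the unsigned-length wraparound pattern that CWE-191 names beside the strict TC frame validation that SI-10 calls for. The CCSDS TC primary-header length field is real; the security header, MAC and work-buffer sizes are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration of the CWE-191 pattern behind a heap overflow in
 * TC frame processing. This is NOT CryptoLib's code. Assumed layout: the
 * 5-byte CCSDS TC primary header carries a 10-bit frame length (total
 * length minus 1) in the low bits of octet 2 and all of octet 3; the
 * security header and trailing MAC sizes below are assumptions. */
#define TC_PRIMARY_HDR_LEN 5
#define SEC_HDR_LEN        6    /* assumed */
#define MAC_LEN            16   /* assumed */
#define MAX_TC_FRAME_LEN   1024 /* assumed work-buffer size */
#define OVERHEAD (TC_PRIMARY_HDR_LEN + SEC_HDR_LEN + MAC_LEN)

typedef struct { uint8_t data[MAX_TC_FRAME_LEN]; size_t pdu_len; } tc_work_t;

/* Unchecked subtraction: for a frame shorter than OVERHEAD the unsigned
 * result wraps to a huge value, and a later memcpy of that many bytes
 * would run past the end of the work buffer. Only returns the length. */
size_t pdu_len_unchecked(size_t frame_len) {
    return frame_len - OVERHEAD;
}
/* Hardened: validate the declared length against the bytes received, the
 * buffer, and the fixed overhead before subtracting or copying. */
bool tc_extract_pdu(const uint8_t *frame, size_t recv_len, tc_work_t *out) {
    if (frame == NULL || out == NULL || recv_len < TC_PRIMARY_HDR_LEN) return false;
    size_t frame_len = (((size_t)(frame[2] & 0x03) << 8) | frame[3]) + 1;
    if (frame_len > recv_len || frame_len > MAX_TC_FRAME_LEN) return false;
    if (frame_len < OVERHEAD) return false;           /* blocks the wraparound */
    size_t pdu_len = frame_len - OVERHEAD;
    memcpy(out->data, frame + TC_PRIMARY_HDR_LEN + SEC_HDR_LEN, pdu_len);
    out->pdu_len = pdu_len;
    return true;
}
/* Constructed sample frames (not captured traffic) for stand-alone checks. */
size_t demo_wellformed_len(void) {           /* 40-byte frame, length field 39 */
    uint8_t f[40] = {0}; f[3] = 39; tc_work_t w;
    return tc_extract_pdu(f, sizeof f, &w) ? w.pdu_len : (size_t)-1;
}
bool demo_runt_accepted(void) {              /* 10-byte frame: would wrap */
    uint8_t f[10] = {0}; f[3] = 9; tc_work_t w;
    return tc_extract_pdu(f, sizeof f, &w);
}
bool demo_overclaim_accepted(void) {         /* claims 1024 bytes, sends 40 */
    uint8_t f[40] = {0}; f[2] = 0x03; f[3] = 0xFF; tc_work_t w;
    return tc_extract_pdu(f, sizeof f, &w);
}
```

The well-formed frame yields a 13-byte PDU; the runt and over-claiming frames are rejected before any subtraction or copy, which is the check a CryptoLib consumer should expect its frame ingress to enforce.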
Details
- CWE(s)