Cyber Posture

CVE-2025-29910

High · Public PoC

Published: 17 March 2025

Modified: 30 April 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0063 (70.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-29910 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in NASA CryptoLib. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked in the top 29.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires identification, reporting, and correction of the specific memory leak flaw in CryptoLib to eliminate resource exhaustion.

prevent

Protects critical system resources like memory from exhaustion caused by repeated invocations of the leaking function in long-running processes.

prevent

Implements denial-of-service protections to mitigate remote exploitation of the memory leak leading to performance degradation and DoS.

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Memory leak in network-accessible crypto function enables remote exploitation for application-level resource exhaustion and DoS without auth or interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A memory leak vulnerability was identified in the `crypto_handle_incrementing_nontransmitted_counter` function of CryptoLib versions 1.3.3 and prior. This vulnerability can lead to resource exhaustion and degraded system performance over time, particularly in long-running processes or systems processing large volumes of data. The vulnerability is present in the `crypto_handle_incrementing_nontransmitted_counter` function within `crypto_tc.c`. The function allocates memory using `malloc` without ensuring the allocated memory is always freed. This issue can lead to resource exhaustion, reduced system performance, and potentially a Denial of Service (DoS) in environments where CryptoLib is used in long-running processes or with large volumes of data. Any system using CryptoLib, especially those handling high-throughput or continuous data streams, could be impacted. As of time of publication, no known patched versions are available.

Deeper analysis (AI)

CVE-2025-29910 is a memory leak vulnerability in the `crypto_handle_incrementing_nontransmitted_counter` function within the `crypto_tc.c` file of NASA's CryptoLib, affecting versions 1.3.3 and prior. CryptoLib implements a software-only solution based on the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between spacecraft running the core Flight System (cFS) and ground stations. The flaw occurs because the function allocates memory using `malloc` without always freeing it, leading to gradual resource exhaustion and degraded system performance, especially in long-running processes or those handling large volumes of data.
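The allocate-without-free pattern described above, shown beside its corrected form as an added example that is not CryptoLib's code. `counter_sync_leaky`, `counter_sync_fixed`, the `search` helper and the small fixed pool standing in for `malloc`/`free` are all hypothetical, and the sketch assumes `0 < tx_len <= len <= SLOT_SIZE`.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical illustration, not CryptoLib source. A small fixed pool stands
 * in for the heap so that exhaustion becomes visible after a few calls. */
enum { SLOTS = 8, SLOT_SIZE = 16, ERR_NOMEM = -1, ERR_WINDOW = -2 };
static uint8_t pool[SLOTS][SLOT_SIZE];
static int in_use[SLOTS];

static void *pool_alloc(size_t n) {
    for (int i = 0; n <= SLOT_SIZE && i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}
static void pool_free(void *p) {
    for (int i = 0; i < SLOTS; i++)
        if (p == (void *)pool[i]) in_use[i] = 0;
}
void pool_reset(void) { memset(in_use, 0, sizeof in_use); }

/* Step scratch copy `tmp` of the stored counter up to `window` times until its
 * last `tx_len` bytes match the received bytes; commit to `stored` on a match. */
static int search(uint8_t *tmp, uint8_t *stored, const uint8_t *rx,
                  int len, int tx_len, int window) {
    memcpy(tmp, stored, (size_t)len);
    for (int w = 0; w < window; w++) {
        for (int i = len - 1; i >= 0 && ++tmp[i] == 0; i--) { } /* big-endian +1 */
        if (memcmp(tmp + len - tx_len, rx, (size_t)tx_len) == 0) {
            memcpy(stored, tmp, (size_t)len);
            return 0;
        }
    }
    return ERR_WINDOW;
}

/* CWE-401 pattern: the scratch buffer is never released on any return path. */
int counter_sync_leaky(uint8_t *stored, const uint8_t *rx, int len, int tx_len, int window) {
    uint8_t *tmp = pool_alloc((size_t)len);
    if (tmp == NULL) return ERR_NOMEM;
    return search(tmp, stored, rx, len, tx_len, window);
}

/* Corrected form: single exit that frees the buffer whether or not a match is found. */
int counter_sync_fixed(uint8_t *stored, const uint8_t *rx, int len, int tx_len, int window) {
    uint8_t *tmp = pool_alloc((size_t)len);
    if (tmp == NULL) return ERR_NOMEM;
    int status = search(tmp, stored, rx, len, tx_len, window);
    pool_free(tmp);
    return status;
}
```

With the eight-slot pool, the leaky variant returns `ERR_NOMEM` on the ninth call, while the fixed variant keeps serving calls because each buffer is returned before the function exits.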

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity, no privileges or user interaction required. Any unauthenticated remote attacker who can trigger the affected function—such as by sending crafted telemetry commands or data streams to a system using CryptoLib—can cause continuous memory leaks, resulting in resource exhaustion, reduced performance, and potential denial-of-service (DoS) conditions. Systems processing high-throughput or continuous data streams, like those in space communications, are particularly at risk.

The primary advisory is published on the NASA CryptoLib GitHub security page (GHSA-p38w-p2r8-g6g5). As of the CVE publication on 2025-03-17, no patched versions of CryptoLib were available, and mitigations are not detailed in the provided information; practitioners should monitor the repository for updates and consider workarounds such as limiting exposure to untrusted inputs or restarting affected processes periodically.

Details

CWE(s)

Affected Products

nasa cryptolib (all versions)

CVEs Like This One

CVE-2026-21898 (same product: NASA CryptoLib)
CVE-2026-22026 (same product: NASA CryptoLib)
CVE-2026-22023 (same product: NASA CryptoLib)
CVE-2025-29911 (same product: NASA CryptoLib)
CVE-2025-54878 (same product: NASA CryptoLib)
CVE-2026-22697 (same product: NASA CryptoLib)
CVE-2026-21897 (same product: NASA CryptoLib)
CVE-2025-29912 (same product: NASA CryptoLib)
CVE-2025-29913 (same product: NASA CryptoLib)
CVE-2025-30216 (same product: NASA CryptoLib)
