CVE-2025-29911
Published: 17 March 2025
Summary
CVE-2025-29911 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in NASA CryptoLib. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 26.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 requires validating information inputs, such as AOS frame lengths against max_frame_size, before processing; this directly prevents the heap buffer overflow in Crypto_AOS_ProcessSecurity.
SI-16 implements memory protections like address space randomization and non-executable memory to mitigate exploitation of the heap buffer overflow for RCE or DoS.
SI-2 mandates identifying, reporting, and correcting flaws like this buffer overflow vulnerability through patching or updates to CryptoLib.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote, unauthenticated network exploitation of the heap buffer overflow in frame processing enables initial access via Exploit Public-Facing Application (T1190) and denial of service via Application or System Exploitation (T1499.004).
NVD Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the `Crypto_AOS_ProcessSecurity` function of CryptoLib versions 1.3.3 and prior. This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted AOS frame with an insufficient length. The vulnerability lies in the function `Crypto_AOS_ProcessSecurity`, specifically during the processing of the Frame Error Control Field (FECF). The affected code attempts to read from the `p_ingest` buffer at indices `current_managed_parameters_struct.max_frame_size - 2` and `current_managed_parameters_struct.max_frame_size - 1` without verifying if `len_ingest` is sufficiently large. This leads to a heap buffer overflow when `len_ingest` is smaller than `max_frame_size`. As of the time of publication, no known patched versions exist.
Deeper analysis
CryptoLib, a NASA-developed software library implementing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for securing communications between spacecraft running the core Flight System (cFS) and ground stations, contains a critical heap buffer overflow vulnerability in versions 1.3.3 and prior. Identified as CVE-2025-29911, the flaw resides in the `Crypto_AOS_ProcessSecurity` function during processing of the Frame Error Control Field (FECF). The vulnerable code reads from the `p_ingest` buffer at offsets `current_managed_parameters_struct.max_frame_size - 2` and `current_managed_parameters_struct.max_frame_size - 1` without checking whether the input length `len_ingest` meets or exceeds `max_frame_size`, so an AOS frame shorter than `max_frame_size` makes the read run past the end of the ingested data. This issue maps to CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 9.8.
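The following is an added illustration of the missing check described above and in the SI-10 control; it is not CryptoLib's code. The function name `aos_fecf_read`, the status codes, the trimmed-down managed-parameters struct and the sample frame bytes are all hypothetical, constructed to show how the FECF read at `max_frame_size - 2` and `max_frame_size - 1` must be guarded by a comparison of `len_ingest` against `max_frame_size` before any indexing happens.

```c
/* Added illustration, not CryptoLib code: the missing length check described
 * for Crypto_AOS_ProcessSecurity. Function and status names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define FECF_OK         0   /* hypothetical status codes */
#define FECF_ERR_SHORT  1

/* Stand-in for current_managed_parameters_struct: only the field involved. */
typedef struct {
    uint16_t max_frame_size;
} managed_params_t;

/* The FECF occupies the last two bytes of a max_frame_size-long frame, at
 * offsets max_frame_size-2 and max_frame_size-1 (read here as big-endian).
 * The vulnerable code indexes those offsets unconditionally; this version
 * refuses the read unless len_ingest actually covers max_frame_size. */
int aos_fecf_read(const uint8_t *p_ingest, uint16_t len_ingest,
                  const managed_params_t *params, uint16_t *fecf_out)
{
    uint16_t max = params->max_frame_size;
    if (p_ingest == NULL || fecf_out == NULL || max < 2)
        return FECF_ERR_SHORT;
    if (len_ingest < max)            /* the check the advisory says is missing */
        return FECF_ERR_SHORT;
    *fecf_out = (uint16_t)(((uint16_t)p_ingest[max - 2] << 8) | p_ingest[max - 1]);
    return FECF_OK;
}

int main(void)
{
    /* Constructed 8-byte frame: six header/payload bytes, then FECF 0xBEEF. */
    const uint8_t frame[8] = {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0xBE, 0xEF};
    const managed_params_t params = { .max_frame_size = 8 };
    uint16_t fecf = 0;

    int rc = aos_fecf_read(frame, sizeof frame, &params, &fecf);
    printf("full frame : rc=%d fecf=0x%04X\n", rc, fecf);

    /* Same buffer, but only 4 bytes were ingested: the read is refused instead
     * of touching frame[6] and frame[7] beyond the data actually received. */
    rc = aos_fecf_read(frame, 4, &params, &fecf);
    printf("short frame: rc=%d\n", rc);
    return 0;
}
```

The same comparison of the ingested length against `max_frame_size` is the input-validation step SI-10 calls for; in a real receiver it belongs before any FECF or header field is dereferenced.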
A remote, unauthenticated attacker (AV:N/AC:L/PR:N/UI:N) can exploit this vulnerability over the network with low complexity and no user interaction by sending a maliciously crafted AOS frame. Successful exploitation reliably triggers a denial of service (DoS) due to the crash from the heap overflow, and may enable remote code execution (RCE) depending on the environment, granting high confidentiality, integrity, and availability impacts (C:H/I:H/A:H).
The primary advisory, published on the NASA CryptoLib GitHub repository (GHSA-7g6g-9gj4-8c68), confirms no patched versions exist as of the CVE publication date. Security practitioners should monitor for updates from the repository, implement input validation on AOS frame lengths prior to processing, and consider network segmentation or disabling affected CryptoLib functionality until patches are available.
This vulnerability affects space-mission-critical infrastructure, highlighting risks in satellite-ground communications where tampered frames could originate from compromised ground links or signal replay attacks, though no public evidence of real-world exploitation has been reported.
Details
- CWE(s)