CVE-2025-30216
Published: 25 March 2025
Summary
CVE-2025-30216 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Nasa Cryptolib. Its CVSS base score is 9.4 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely flaw remediation, directly mitigating the heap overflow by applying the available patch in CryptoLib commit 810fd66d592c883125272fef123c3240db2f170f.
Mandates validation of information inputs such as TM protocol packet Secondary Header Length against total packet length to prevent the unsafe memcpy triggering the heap overflow.
Implements memory protection mechanisms like address space randomization and non-executable heap to mitigate exploitation of the heap overflow even if unpatched.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated heap overflow in network packet processing function enables crafted packet exploitation of the public-facing service for arbitrary code execution.
NVD Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap…
more
Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f.
Deeper analysisAI
CVE-2025-30216 is a heap overflow vulnerability affecting CryptoLib versions 1.3.3 and prior, a software library that implements the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for securing communications between spacecraft running NASA's core Flight System (cFS) and ground stations. The flaw occurs in the `Crypto_TM_ProcessSecurity` function at `crypto_tm.c:1735:8`, where processing the Secondary Header Length of a TM protocol packet—if it exceeds the packet's total length—triggers an unsafe memcpy operation into the dynamically allocated buffer `p_new_dec_frame`. This enables overwriting of adjacent heap memory. The vulnerability carries a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H) and is associated with CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).
An unauthenticated attacker with network access can exploit this vulnerability by sending a specially crafted TM protocol packet to a vulnerable ground station or spacecraft system. Low attack complexity and no user interaction are required, allowing remote exploitation over the network. Successful exploitation enables heap memory corruption, potentially resulting in arbitrary code execution or system instability.
Mitigation is available via a patch in CryptoLib commit 810fd66d592c883125272fef123c3240db2f170f. Further details, including the advisory, are provided in the GitHub Security Advisory at GHSA-v3jc-5j74-hcjv.
Details
- CWE(s)