Cyber Resilience

CVE-2025-30216

CriticalPublic PoC

Published: 25 March 2025

Published
25 March 2025
Modified
06 May 2025
KEV Added
Patch
CVSS Score v3.1 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
EPSS Score 0.0769 92.1th percentile
Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30216 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Nasa Cryptolib. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CryptoLib is a software library implementing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to protect communications between a cFS-based spacecraft and ground stations. Versions 1.3.3 and earlier contain a heap overflow in the Crypto_TM_ProcessSecurity function at crypto_tm.c:1735, where an excessively large Secondary Header Length field in a TM protocol packet causes an out-of-bounds memcpy into the dynamically allocated p_new_dec_frame buffer. The flaw is tracked as CWE-122 and CWE-787 and carries a CVSS 3.1 score of 9.4.

An unauthenticated network attacker can send a crafted TM packet that triggers the overflow, allowing adjacent heap memory to be overwritten. Successful exploitation can result in arbitrary code execution or denial of service against the CryptoLib instance processing the packet.

The project has published a fix in commit 810fd66d592c883125272fef123c3240db2f170f; the corresponding GitHub Security Advisory GHSA-v3jc-5j74-hcjv recommends upgrading to a patched release. The current EPSS score of 0.0769 shows no material increase since disclosure.

EU & UK References

Vulnerability details

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap…

more

Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated heap overflow in network packet processing function enables crafted packet exploitation of the public-facing service for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-29912Same product: Nasa Cryptolib
CVE-2026-22697Same product: Nasa Cryptolib
CVE-2025-29911Same product: Nasa Cryptolib
CVE-2026-21897Same product: Nasa Cryptolib
CVE-2025-29909Same product: Nasa Cryptolib
CVE-2025-54878Same product: Nasa Cryptolib
CVE-2025-29913Same product: Nasa Cryptolib
CVE-2026-21898Same product: Nasa Cryptolib
CVE-2026-22026Same product: Nasa Cryptolib
CVE-2026-22023Same product: Nasa Cryptolib

Affected Assets

nasa
cryptolib
≤ 1.4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely flaw remediation, directly mitigating the heap overflow by applying the available patch in CryptoLib commit 810fd66d592c883125272fef123c3240db2f170f.

prevent

Mandates validation of information inputs such as TM protocol packet Secondary Header Length against total packet length to prevent the unsafe memcpy triggering the heap overflow.

prevent

Implements memory protection mechanisms like address space randomization and non-executable heap to mitigate exploitation of the heap overflow even if unpatched.

References