CVE-2025-46411
Published: 25 August 2025
Summary
CVE-2025-46411 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 48.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the buffer overflow vulnerability by requiring timely remediation through patching libbiosig as detailed in the Talos advisory.
Prevents exploitation by enforcing validation of MFER file inputs to detect and reject malformed structures that trigger the stack buffer overflow.
Mitigates stack-based buffer overflow exploitation through memory protections like stack canaries, ASLR, and DEP.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack buffer overflow in file parser directly enables client-side arbitrary code execution via a malicious MFER file (T1204.002) or exploitation of client software (T1203).
NVD Description
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to…
more
trigger this vulnerability.
Deeper analysisAI
A stack-based buffer overflow vulnerability, tracked as CVE-2025-46411 and associated with CWE-121, affects the MFER parsing functionality in The Biosig Project's libbiosig version 3.9.0 and the master branch at commit 35a819fa. This flaw allows a specially crafted MFER file to trigger the overflow, potentially leading to arbitrary code execution. The vulnerability received a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H), highlighting its high severity due to network accessibility and significant impacts on confidentiality, integrity, and availability.
An unauthenticated attacker can exploit this vulnerability by providing a malicious MFER file to an application or system that uses the affected libbiosig versions for parsing such files. Exploitation requires high attack complexity but does not necessitate user interaction or privileges. Successful exploitation enables arbitrary code execution with the privileges of the parsing process, potentially allowing full system compromise depending on the context in which libbiosig is deployed.
Details on mitigation, including any patches or workarounds, are provided in the Talos Intelligence advisory TALOS-2025-2236, available at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2236.
Details
- CWE(s)