CVE-2025-48005
Published: 25 August 2025
Summary
CVE-2025-48005 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly addresses the vulnerability by patching libbiosig to fix the heap-based buffer overflow in RHS2000 parsing.
Information input validation on RHS2000 files prevents specially crafted inputs from triggering the buffer overflow during parsing.
Memory protection mechanisms like ASLR and DEP mitigate arbitrary code execution resulting from the heap-based buffer overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote heap buffer overflow in file parser directly enables unauthenticated RCE against a network-accessible application (T1190).
NVD Description
A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a malicious file to…
more
trigger this vulnerability.
Deeper analysisAI
A heap-based buffer overflow vulnerability, tracked as CVE-2025-48005 and associated with CWE-122, affects the RHS2000 parsing functionality in The Biosig Project's libbiosig version 3.9.0 and the Master Branch at commit 35a819fa. This flaw allows a specially crafted RHS2000 file to trigger the overflow, potentially leading to arbitrary code execution. The vulnerability was published on 2025-08-25 and carries a CVSS v3.1 base score of 9.8, indicating critical severity.
Any remote attacker can exploit this vulnerability without privileges or user interaction, as it requires only network access and low complexity (AV:N/AC:L/PR:N/UI:N/S:U). By providing a malicious RHS2000 file to a vulnerable application using libbiosig, the attacker can achieve arbitrary code execution with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
Further details, including analysis and recommendations, are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2240.
Details
- CWE(s)