CVE-2025-50129
Published: 25 August 2025
Summary
CVE-2025-50129 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Sail Sail. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 40.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
Directly remediates the heap-based buffer overflow in SAIL library v0.9.8 by identifying, patching, or upgrading vulnerable components.
Implements memory protections like ASLR and DEP to mitigate exploitation of the heap buffer overflow leading to RCE.
Validates .tga image inputs prior to decoding to prevent processing of specially crafted files that trigger the buffer overflow.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Heap buffer overflow in image decoder enables RCE via malicious .tga file opened by user (T1204.002), directly facilitating client-side exploitation (T1203).
NVD Description
A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Deeper analysis [AI]
A heap-based buffer overflow vulnerability, designated CVE-2025-50129 and published on 2025-08-25, affects the PCX Image Decoding functionality in the SAIL Image Decoding Library version 0.9.8. The issue arises when decoding image data from a specially crafted .tga file, leading to memory corruption. This flaw is classified under CWE-122 (Heap-based Buffer Overflow) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
Attackers can exploit this vulnerability remotely over a network with low complexity and no required privileges, but it necessitates user interaction. Specifically, an attacker must convince a user to process a malicious .tga file using an application that incorporates the vulnerable SAIL library, triggering the buffer overflow and enabling remote code execution on the victim's system.
For mitigation details, refer to the Cisco Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220, which provides analysis and recommendations specific to this vulnerability.
Details
- CWE(s)