Cyber Resilience

CVE-2025-53557

CriticalPublic PoC

Published: 25 August 2025

Published
25 August 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0052 67.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-53557 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A heap-based buffer overflow vulnerability, tracked as CVE-2025-53557 and associated with CWE-122, affects the MFER parsing functionality in The Biosig Project's libbiosig library, specifically version 3.9.0 and the Master Branch at commit 35a819fa. Published on 2025-08-25, this flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Processing a specially crafted MFER file triggers the overflow, potentially enabling arbitrary code execution.

An unauthenticated attacker on the network can exploit this vulnerability with low complexity and no user interaction required. By providing a malicious MFER file to a vulnerable application using libbiosig, the attacker can achieve arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability.

For mitigation details, refer to the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2235.

EU & UK References

Vulnerability details

A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to…

more

trigger this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Heap buffer overflow in MFER file parser enables remote unauthenticated arbitrary code execution (RCE) via crafted input, directly mapping to exploitation of public-facing apps or client-side execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-53853Same product: Libbiosig Project Libbiosig
CVE-2026-20777Same product: Libbiosig Project Libbiosig
CVE-2025-54462Same product: Libbiosig Project Libbiosig
CVE-2026-22891Same product: Libbiosig Project Libbiosig
CVE-2025-53511Same product: Libbiosig Project Libbiosig
CVE-2025-48005Same product: Libbiosig Project Libbiosig
CVE-2025-54482Same product: Libbiosig Project Libbiosig
CVE-2025-54484Same product: Libbiosig Project Libbiosig
CVE-2025-54485Same product: Libbiosig Project Libbiosig
CVE-2025-52581Same product: Libbiosig Project Libbiosig

Affected Assets

libbiosig project
libbiosig
3.9.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the heap-based buffer overflow by identifying, reporting, and patching the vulnerability in libbiosig's MFER parsing.

prevent

Information input validation prevents exploitation by checking the validity of specially crafted MFER files before parsing in libbiosig.

prevent

Memory protection safeguards such as address space layout randomization and data execution prevention mitigate arbitrary code execution from the heap buffer overflow.

References