Cyber Posture

CVE-2025-53557

CriticalPublic PoC

Published: 25 August 2025

Published
25 August 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0033 55.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-53557 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Flaw remediation directly addresses the heap-based buffer overflow by identifying, reporting, and patching the vulnerability in libbiosig's MFER parsing.

SI-10 Information Input Validation good match
prevent

Information input validation prevents exploitation by checking the validity of specially crafted MFER files before parsing in libbiosig.

SI-16 Memory Protection good match
prevent

Memory protection safeguards such as address space layout randomization and data execution prevention mitigate arbitrary code execution from the heap buffer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
Why these techniques?

Heap buffer overflow in MFER file parser enables remote unauthenticated arbitrary code execution (RCE) via crafted input, directly mapping to exploitation of public-facing apps or client-side execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to…

more

trigger this vulnerability.

Deeper analysisAI

A heap-based buffer overflow vulnerability, tracked as CVE-2025-53557 and associated with CWE-122, affects the MFER parsing functionality in The Biosig Project's libbiosig library, specifically version 3.9.0 and the Master Branch at commit 35a819fa. Published on 2025-08-25, this flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Processing a specially crafted MFER file triggers the overflow, potentially enabling arbitrary code execution.

An unauthenticated attacker on the network can exploit this vulnerability with low complexity and no user interaction required. By providing a malicious MFER file to a vulnerable application using libbiosig, the attacker can achieve arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability.

For mitigation details, refer to the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2235.

Details

CWE(s)
CWE-122

Affected Products

libbiosig project
libbiosig
3.9.0

CVEs Like This One

CVE-2025-53853Same product: Libbiosig Project Libbiosig
CVE-2025-48005Same product: Libbiosig Project Libbiosig
CVE-2026-20777Same product: Libbiosig Project Libbiosig
CVE-2026-22891Same product: Libbiosig Project Libbiosig
CVE-2025-54462Same product: Libbiosig Project Libbiosig
CVE-2025-53511Same product: Libbiosig Project Libbiosig
CVE-2025-54485Same product: Libbiosig Project Libbiosig
CVE-2025-54482Same product: Libbiosig Project Libbiosig
CVE-2025-54493Same product: Libbiosig Project Libbiosig
CVE-2025-52581Same product: Libbiosig Project Libbiosig

References