CVE-2025-54482
Published: 25 August 2025
Summary
CVE-2025-54482 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely remediation of flaws such as the buffer overflow in libbiosig by applying patches or updates from the vendor advisory.
Implements memory protections like stack canaries, ASLR, and non-executable stacks to prevent arbitrary code execution from the stack-based buffer overflow.
Mandates validation of untrusted MFER file inputs, including bounds checking on lengths like 'len', to block malformed files from triggering the overflow in libbiosig parsing.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow enables remote arbitrary code execution via crafted MFER file input, directly mapping to exploitation of public-facing apps (T1190) and client execution (T1203).
NVD Description
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to…
more
trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4: else if (tag==4) { // SPR if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr);
Deeper analysisAI
A stack-based buffer overflow vulnerability, designated CVE-2025-54482 and associated with CWE-121, affects the MFER parsing functionality in The Biosig Project's libbiosig version 3.9.0 and the master branch at commit 35a819fa. The issue manifests on line 8751 of biosig.c during processing of a tag value of 4, where insufficient bounds checking on the 'len' parameter in an ifread call allows a specially crafted MFER file to overflow the buffer and enable arbitrary code execution.
With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is highly severe and exploitable remotely by unauthenticated attackers with low complexity and no user interaction required. Any application or system incorporating the affected libbiosig library that parses untrusted MFER files can be targeted; an attacker need only provide a malicious file to trigger the overflow, potentially gaining full control over the parsing process with high impacts to confidentiality, integrity, and availability.
Details on mitigation, including any patches or workarounds, are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234.
Details
- CWE(s)