CVE-2025-54483
Published: 25 August 2025
Summary
CVE-2025-54483 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires identifying, reporting, and correcting the stack-based buffer overflow flaw in libbiosig's MFER parsing at biosig.c line 8759.
Implements memory safeguards such as stack canaries, ASLR, and DEP to prevent arbitrary code execution from the stack-based buffer overflow in MFER tag 5 processing.
Mandates validation of MFER file inputs to enforce length limits before parsing tag 5, preventing oversized reads into the fixed-size buffer.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in MFER file parser directly enables remote code execution via a malicious file supplied to any application using the vulnerable library.
NVD Description
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to…
more
trigger this vulnerability.This vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5: else if (tag==5) //0x05: number of channels { uint16_t oldNS=hdr->NS; if (len>4) fprintf(stderr,"Warning MFER tag5 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr);
Deeper analysisAI
A stack-based buffer overflow vulnerability, designated CVE-2025-54483 and associated with CWE-121, affects the MFER parsing functionality in The Biosig Project's libbiosig version 3.9.0 and the master branch at commit 35a819fa. The issue occurs in biosig.c at line 8759 during processing of tag 5, which represents the number of channels. When parsing a specially crafted MFER file, the vulnerability triggers an overflow due to improper handling of the input length, as indicated by a warning for lengths greater than 4 bytes followed by a read operation into a fixed-size buffer.
This vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely with low complexity, no privileges or user interaction required. Any attacker capable of supplying a malicious MFER file to an application using the affected libbiosig can trigger the buffer overflow, potentially leading to arbitrary code execution on the target system.
Further details are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234.
Details
- CWE(s)